Track Lead - Security Investigations, SIEM
India
Job Description
Bengaluru, Karnataka

Job Summary

The Track Lead (Support & Operations) plays a pivotal role in managing security event investigations and implementing technical solutions within the organization. This position focuses on enhancing operational efficiencies, ensuring client satisfaction, and fostering a culture of continuous improvement and innovation among teams. The Track Lead is instrumental in aligning operational goals with organizational objectives while empowering teams to meet client SLAs effectively.

We are looking for an experienced Detection Engineer with strong Splunk, Risk-Based Alerting, and Security Analytics background to design, develop, tune, and maintain advanced cyber threat detections across enterprise environments. 

The role will focus on developing high-fidelity detections using Splunk SPL, Splunk Enterprise Security, Risk-Based Alerting, MITRE ATT&CK mapping, and data-driven analytics. The candidate should also have exposure to Python, Pandas, Scikit-learn, statistical analysis, anomaly detection, clustering, and machine learning exploration to support behavioral analytics and threat detection maturity. 

The ideal candidate will work closely with SOC analysts, threat hunters, incident responders, threat intelligence teams, and security engineering teams to reduce false positives, improve detection coverage, and operationalize risk-based security monitoring. 

Key Responsibilities

1. Implement and optimize SOAR solutions to automate security event investigations, ensuring timely and accurate incident response while enhancing overall operational efficiency.
2. Develop and maintain comprehensive reporting systems using SIEM tools to provide insights into security incidents and operational performance, facilitating informed decision-making.
3. Lead and mentor the support team by fostering transparent communication of project goals and encouraging the adoption of best practices in security operations.
4. Collaborate with clients to thoroughly understand their security needs, ensuring the support team delivers tailored solutions that exceed client expectations.
5. Drive innovation by identifying opportunities for process improvements and implementing new ideas that enhance the effectiveness of security operations.

1. Detection Engineering 

  • Design, develop, test, tune, and maintain security detections using Splunk SPL. 
  • Build and manage Splunk Enterprise Security correlation searches. 
  • Develop detection use cases across endpoint, network, identity, cloud, email, proxy, DNS, VPN, and application logs. 
  • Convert threat intelligence, attack patterns, and SOC findings into actionable detection logic. 
  • Map detections to MITRE ATT&CK tactics, techniques, and procedures. 
  • Perform detection testing using historical data, attack simulation, purple team exercises, and threat hunting findings. 
  • Reduce false positives through tuning, threshold adjustment, suppression logic, and contextual enrichment. 
  • Create and maintain detection documentation including logic, severity, risk score, data sources, MITRE mapping, and investigation steps. 

2. Splunk Enterprise Security & SIEM Operations 

  • Develop and optimize correlation searches, notable events, dashboards, reports, and alerts in Splunk Enterprise Security. 
  • Work with Splunk data models, CIM mapping, accelerated data models, and tstats queries. 
  • Support log source validation, parsing, field extraction, and data quality reviews. 
  • Create dashboards for SOC monitoring, detection health, alert trends, and risk posture. 
  • Support SOC analysts with investigation queries, timelines, and alert triage improvements. 
  • Integrate Splunk detections with SOAR, ticketing, and case management platforms where applicable. 

3. Risk-Based Alerting & Risk Analytics 

  • Design and maintain Risk-Based Alerting rules in Splunk Enterprise Security. 
  • Assign contextual risk scores to users, hosts, source IPs, destination IPs, cloud identities, service accounts, and applications. 
  • Build risk rules for authentication anomalies, privileged activity, suspicious process execution, lateral movement, malware indicators, data exfiltration, cloud misconfigurations, and insider-risk behavior. 
  • Develop cumulative risk scoring logic to identify high-risk users, hosts, and sessions. 
  • Correlate multiple low-severity events into high-confidence notable alerts. 
  • Tune risk thresholds based on alert volume, business context, entity criticality, and SOC feedback. 
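The risk-based alerting mechanism described above (contextual risk scores per entity, cumulative scoring over a window, and low-severity events correlated into one notable) as an added Python example; it is not Splunk code and not the employer's own tooling. The risk events, the 24-hour window, the threshold of 80, the three-distinct-technique criterion and the criticality multipliers are all constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events, shaped like what Splunk ES risk rules write to
# the risk index: timestamp, risk object, score, source rule, ATT&CK technique.
RISK_EVENTS = [
    {"ts": "2024-05-01T09:00", "risk_object": "alice", "risk_score": 20, "rule": "Auth Failure Spike", "technique": "T1110"},
    {"ts": "2024-05-01T09:40", "risk_object": "alice", "risk_score": 25, "rule": "New Admin Group Member", "technique": "T1098"},
    {"ts": "2024-05-01T10:05", "risk_object": "alice", "risk_score": 30, "rule": "Encoded PowerShell", "technique": "T1059.001"},
    {"ts": "2024-05-01T11:15", "risk_object": "alice", "risk_score": 15, "rule": "SMB to Many Hosts", "technique": "T1021.002"},
    {"ts": "2024-05-01T09:10", "risk_object": "bob", "risk_score": 20, "rule": "Auth Failure Spike", "technique": "T1110"},
    {"ts": "2024-05-01T09:30", "risk_object": "bob", "risk_score": 20, "rule": "Auth Failure Spike", "technique": "T1110"},
    {"ts": "2024-05-01T10:00", "risk_object": "bob", "risk_score": 20, "rule": "Auth Failure Spike", "technique": "T1110"},
    {"ts": "2024-05-01T10:30", "risk_object": "bob", "risk_score": 20, "rule": "Auth Failure Spike", "technique": "T1110"},
    {"ts": "2024-04-28T08:00", "risk_object": "svc-backup", "risk_score": 40, "rule": "Encoded PowerShell", "technique": "T1059.001"},
    {"ts": "2024-05-01T10:45", "risk_object": "svc-backup", "risk_score": 30, "rule": "New Admin Group Member", "technique": "T1098"},
]

# Assumed entity-criticality weights: a privileged service account counts more.
CRITICALITY = {"svc-backup": 1.5}

# Constructed "current time" for the scheduled search run.
NOW = datetime(2024, 5, 1, 12, 0)


def aggregate_risk(events, now, window_hours=24):
    """Sum weighted risk per entity over the lookback window; stale events drop out."""
    cutoff = now - timedelta(hours=window_hours)
    per_entity = defaultdict(lambda: {"score": 0.0, "techniques": set(), "rules": set()})
    for e in events:
        if datetime.fromisoformat(e["ts"]) < cutoff:
            continue  # outside the window: this is how old risk decays
        s = per_entity[e["risk_object"]]
        s["score"] += e["risk_score"] * CRITICALITY.get(e["risk_object"], 1.0)
        s["techniques"].add(e["technique"])
        s["rules"].add(e["rule"])
    return per_entity


def risk_notables(events, now, threshold=80, min_techniques=3):
    """Fire a notable only when cumulative score AND technique diversity both qualify.

    The diversity check keeps one noisy rule (bob's repeated auth failures) from
    producing a notable on volume alone, while several distinct low-severity
    signals on alice combine into one high-confidence alert.
    """
    fired = {}
    for entity, s in aggregate_risk(events, now).items():
        if s["score"] >= threshold and len(s["techniques"]) >= min_techniques:
            fired[entity] = {"score": s["score"], "techniques": sorted(s["techniques"])}
    return fired
```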


Skill Requirements

1. Strong proficiency in security event investigation and SOAR technologies.
2. In-depth knowledge of SIEM tools and their application in operational environments.
3. Excellent problem-solving abilities and a strong understanding of client relationship management.
4. Proven leadership skills with the ability to mentor and empower teams effectively.

Other Requirements

1. Optional but valuable certifications: Certified Information Systems Security Professional (CISSP), Security+, or any relevant SOAR or SIEM certifications.

Why HCLTech?

At HCLTech, you'll supercharge your potential. You'll find your career. And you'll find your spark. All at a place that knows that helping its customers stay on top starts by putting its people first.

HCLTech is a global technology company, home to more than 226,300 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud and AI, powered by a broad portfolio of technology services and products. We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2025 totaled $14.5 billion.

Benefits

At HCLTech, we believe in empowering our employees with comprehensive benefits that support their professional growth and enhance their well-being. When you sign up for a career with us, you gain access to:

  • Industry-benchmarked compensation
  • Best-in-class healthcare benefits
  • Personal time off
  • Maternity and paternity benefits
  • Access to skills / higher education programs/resources
  • Discounts on products and services via Benefit Box
  • Participate in CSR programs and live life with a purpose
  • Opportunities to grow and advance your career

Note: The benefits listed above vary depending on the nature of your employment and the country where you work. Some benefits may be available in some countries but not in all.