Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM) Operations
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: As the SOC L3 Analyst you will lead the technical handling of critical security incidents. You’ll be responsible for deep-dive analysis, root cause investigation, forensics, and containment using tools such as CrowdStrike, Sumo Logic SIEM, and SOAR. You will be responsible for onboarding and managing log sources, building SIEM use cases (custom + in built), and developing automation in SOAR to support incident response and threat detection workflows Roles & Responsibilities: -End-to-End Incident Response Ownership: Ability to handle incident lifecycle (detect, contain, remediate) -Subject matter expert for handling the escalated critical or actual true positive incidents. -CrowdStrike Deep Dive: Using Real Time Response (RTR), Threat Graph, custom IOA rules -Strong command over Sumo Logic SIEM content engineering: Creating detection rules, dashboards, and field extractions -Threat Hunting: Behavior-based detection using TTPs -SOAR Automation: Designing playbooks, integrations with REST APIs, ServiceNow, CrowdStrike -Threat Intel Integration: Automation of IOC lookups and enrichment flows -Forensic Skills: Live host forensics, log correlation, malware behavioral analysis -Deep experience in advanced threat detection and incident response -Scripting Proficiency: Python, PowerShell, Bash for automation or ETL -Error Handling & Debugging: Identify and resolve failures in SOAR or data pipelines -Proficiency in CrowdStrike forensic and real-time response capabilities -Experience Sumo Logic SOAR for playbook optimization -Use case development in Sumo Logic SIEM Professional & Technical Skills: -Lead high-severity incident response, coordinating with stakeholders and IT teams -Perform endpoint forensic triage using CrowdStrike Real Time Response (RTR) -Conduct detailed log analysis and anomaly detection in Sumo Logic -Customize or create new detection rules and enrichments in SIEM -Develop/Tune SOAR playbooks for advanced scenarios, branching logic, and enrichment -Perform root cause analysis and support RCA documentation -Mentor L1 and L2 analysts through case walk-throughs and knowledge sharing -Generate post-incident reports and present findings to leadership -Lead investigations and coordinate response for major incidents -Perform root cause analysis and post-incident reviews -Develop advanced detection content in Sumo Logic -Optimize SOAR playbooks for complex use cases -Onboard and maintain data sources in Sumo Logic SIEM and ensure parsing accuracy -Build custom dashboards, alerts, and queries aligned with SOC use cases -Create and maintain field extractions, log normalization schemas, and alert suppression rules -Integrate external APIs into SOAR (e.g., VirusTotal, WHOIS, CrowdStrike) -Monitor log health and alert performance metrics; troubleshoot data quality issues -Collaborate with L3 IR and Threat Intel teams to translate threat use cases into detections -Participate in continuous improvement initiatives and tech upgrades -Conduct playbook testing, version control, and change documentation -CrowdStrike: Custom detections, forensic triage, threat graphs -SIEM: Rule creation, anomaly detection, ATT&CK mapping -SOAR: Playbook customization, API integrations, dynamic playbook logic -Threat Intelligence: TTP mapping, behavioral correlation -SIEM: Parser creation, field extraction, correlation rule design -Scripting: Python, regex, shell scripting for ETL workflows -Data Handling: JSON, syslog, Windows Event Logs -Tools: Sumologic SIEM, Sumo logic SOAR & Crowdstrike EDR -Exp in in SOC/IR including 4+ in L3 role (IR + SIEM Content Engineering & SOAR) Additional Information: - The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM) Operations. - This position is based at our Bengaluru office. - A 15 years full time education is required.
15 years full time education
About Accenture
We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.Join Accenture to work at the heart of change.
Visit us at www.accenture.com
Equal Employment Opportunity Statement
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
Accenture is committed to providing veteran employment opportunities to our service men and women.
Read Full Description