Security Information and Event Management; SIEM Manager

Position: Security Information and Event Management (SIEM) Manager
Location: Bengaluru

ARAs Client – Global Digital & Cloud Transformation Partner
ARAs Client is a leading enterprise technology organization delivering large-scale cloud, security, and digital transformation solutions for global clients across regulated and high-growth industries. The organization is known for its deep engineering expertise, strong governance culture, and long-term technology partnerships.

Summary:

As a Security Delivery Lead, you will be at the forefront of implementing and delivering Security Services projects. We are seeking a highly skilled and experienced Level 4 SOC Incident Responder to join our Security Operations Center (SOC) team. This senior-level position is critical in managing and responding to advanced cybersecurity threats, leading complex incident investigations, and developing detection and response strategies.

The ideal candidate will possess deep technical expertise, strong analytical skills, and proven experience in managing end-to-end incident responses.

Roles & Responsibilities :
Incident Response & Management

• Act as the primary lead on critical security incidents and complex investigations.

• Triage, analyze, and respond to escalated security alerts and events from Level 1-3 SOC teams.

• Conduct root cause analysis, forensic investigations, and impact assessments.

• Coordinate with internal stakeholders and external partners during major incidents (e.g., breach response).

• Develop and execute incident response plans (IRPs) and playbooks for various attack scenarios.
Threat Hunting & Analysis

• Proactively hunt for threats using SIEM, EDR, and threat intelligence data.

• Identify and mitigate advanced persistent threats (APTs) and zero-day exploits.

• Analyze malware, network traffic, endpoint artifacts, and log data to detect and contain threats.
Tooling & Automation

• Tune detection content and enhance alerting logic across SIEM/SOAR platforms.

• Integrate and optimize use of tools such as Splunk, MxDR, Sentinel, Crowd Strike, Tines, XSOAR, etc.

• Contribute to development and refinement of automated response workflows using SOAR tools.
Mentoring & Leadership

• Provide guidance and mentorship to L1-L3 analysts on investigation techniques and escalation paths.

• Conduct knowledge-sharing sessions and tabletop exercises for IR preparedness.

• Assist in training team members on evolving threats, tools, and methodologies.
Reporting & Documentation

• Prepare detailed incident reports, post-incident reviews (PIRs), and lessons learned.

• Maintain up-to-date documentation of incident handling procedures and response plans.

• Communicate technical findings clearly to both technical and non-technical stakeholders.

Professional & Technical

Skills:

• Must have experience in Digital Forensic+ Malware Analysis+ SIEM + Threat Hunting

• 12+ years of experience in cybersecurity, with 8+ years in incident response or SOC operations.

• Proven experience leading response for critical security incidents and breaches.

• Expertise in analyzing and interpreting logs, packet captures, endpoint telemetry, and malware samples.

• Strong experience with SIEM (e.g., Splunk, QRadar, Sentinel, MxDR) and EDR (e.g., Crowd Strike, Carbon Black) platforms.

• Hands-on experience with SOAR platforms and scripting (Python, Power Shell, Bash).

• Familiarity with MITRE ATT&CK, Cyber Kill Chain, and threat modeling frameworks.

• Excellent understanding of Windows, Linux, network protocols, and cloud environments (AWS, Azure).

• Strong written and verbal communication skills, especially in high-pressure situations.

Additional Information:
- The candidate should have minimum 12 years of experience

- Location:

Pan India
- A 15 years full time education is required.