Design and position end-to-end cybersecurity solutions (SOC, SIEM/SOAR, EDR/XDR/MDR, Zero Trust, IAM, DLP/CASB and cloud security), mapped to regulatory obligations and business risk, with clear incident response and governance models.
Key Responsibilities (Expanded)
- Lead risk and gap workshops with CISOs to map threats, critical assets and compliance obligations (ISO 27001, RBI, PCI DSS, GDPR) into a prioritized control plan.
- Architect SIEM solutions (Splunk/QRadar/Sentinel/ArcSight) with parsers, correlation rules, UEBA and retention tuned to detection objectives and cost.
- Design SOAR playbooks (Cortex XSOAR/Splunk SOAR/Resilient) that automate triage, enrichment, containment and evidence capture, with approval gates.
- Select and size EDR/XDR (Defender/CrowdStrike/SentinelOne/Cortex XDR) based on estate diversity, offline behaviour, response speed and MDR fit.
- Position MDR services for 24x7 monitoring where in-house SOC maturity or budget is limited, clarifying RACI and escalation paths.
- Define Zero Trust roadmaps (identity-first access, micro-segmentation, continuous assessment) with realistic adoption waves.
- Design IAM architectures (Okta/Ping/Azure AD) covering SSO, MFA, identity lifecycle and privileged access management (PAM) on a least-privilege basis.
- Protect data with DLP/CASB (Trellix/Symantec/Netskope/Zscaler) across endpoints, cloud and email, including policy design and false-positive tuning.
- Harden cloud environments (AWS/Azure/GCP) using native controls (CSPM/CWPP/KMS), aligned to CIS Benchmarks and RBI data localization requirements.
- Build incident response runbooks (phishing, ransomware, lateral movement) and run tabletop exercises to improve real-world readiness.
- Link detections to business impact by defining blast radius, downtime cost and regulatory reporting timelines to secure budgets.
- Prepare RFP responses with control matrices, coverage diagrams, SLAs and staffing models that match the client's risk appetite.
- Define evidence and audit paths (log integrity, chain of custody, SoE) for regulators and external auditors.
- Coach customer teams on security best practices.
- Maintain a control accelerator library (playbooks, detection packs, policy templates) to speed up deployments consistently.
- Benchmark against peers and share cyber maturity roadmaps (crawl/walk/run) to guide staged investments.
- Track the threat landscape and vendor roadmaps, and evolve detections against current TTPs to keep defenses up to date.
- Support sales and delivery with clear SOWs, acceptance criteria and post-sales governance for smooth execution.
Required Skills & Technologies
SIEM: Splunk/QRadar/Sentinel/ArcSight
SOAR: XSOAR/Splunk SOAR/Resilient
EDR/XDR: Defender/CrowdStrike/SentinelOne/Cortex
IAM/Zero Trust: Okta/Ping/Azure AD, ZTNA
DLP/CASB: Trellix/Symantec/Netskope/Zscaler
Cloud security: CSPM/CWPP/KMS
Preferred Certifications
CISSP/CISM/CISA
Microsoft SC-200
Splunk Architect
Palo Alto PCNSE
ISO 27001 LA/LI