
ARA Resources Pvt. Ltd.

Security Information and Event Management (SIEM) Manager

  • Posted 6 hours ago

Job Description

ARA's Client: Global Digital & Cloud Transformation Partner

ARA's Client is a leading enterprise technology organization delivering large-scale cloud, security, and digital transformation solutions for global clients across regulated and high-growth industries. The organization is known for its deep engineering expertise, strong governance culture, and long-term technology partnerships.

Summary:

As a Security Delivery Lead, you will be at the forefront of implementing and delivering Security Services projects. We are seeking a highly skilled and experienced Level 4 SOC Incident Responder to join our Security Operations Center (SOC) team. This senior-level position is critical in managing and responding to advanced cybersecurity threats, leading complex incident investigations, and developing detection and response strategies. The ideal candidate will possess deep technical expertise, strong analytical skills, and proven experience in managing end-to-end incident responses.

Roles & Responsibilities:

Incident Response & Management

Act as the primary lead on critical security incidents and complex investigations.

Triage, analyze, and respond to escalated security alerts and events from Level 1-3 SOC teams.

Conduct root cause analysis, forensic investigations, and impact assessments.

Coordinate with internal stakeholders and external partners during major incidents (e.g., breach response).

Develop and execute incident response plans (IRPs) and playbooks for various attack scenarios.

Threat Hunting & Analysis

Proactively hunt for threats using SIEM, EDR, and threat intelligence data.

Identify and mitigate advanced persistent threats (APTs) and zero-day exploits.

Analyze malware, network traffic, endpoint artifacts, and log data to detect and contain threats.

Tooling & Automation

Tune detection content and enhance alerting logic across SIEM/SOAR platforms.

Integrate and optimize use of tools such as Splunk, MxDR, Sentinel, CrowdStrike, Tines, XSOAR, etc.

Contribute to development and refinement of automated response workflows using SOAR tools.

Mentoring & Leadership

Provide guidance and mentorship to L1-L3 analysts on investigation techniques and escalation paths.

Conduct knowledge-sharing sessions and tabletop exercises for IR preparedness.

Assist in training team members on evolving threats, tools, and methodologies.

Reporting & Documentation

Prepare detailed incident reports, post-incident reviews (PIRs), and lessons learned.

Maintain up-to-date documentation of incident handling procedures and response plans.

Communicate technical findings clearly to both technical and non-technical stakeholders.

Professional & Technical Skills:

Must have experience in digital forensics, malware analysis, SIEM, and threat hunting.

12+ years of experience in cybersecurity, with 8+ years in incident response or SOC operations.

Proven experience leading response for critical security incidents and breaches.

Expertise in analyzing and interpreting logs, packet captures, endpoint telemetry, and malware samples.

Strong experience with SIEM (e.g., Splunk, QRadar, Sentinel, MxDR) and EDR (e.g., CrowdStrike, Carbon Black) platforms.

Hands-on experience with SOAR platforms and scripting (Python, PowerShell, Bash).

Familiarity with MITRE ATT&CK, Cyber Kill Chain, and threat modeling frameworks.

Excellent understanding of Windows, Linux, network protocols, and cloud environments (AWS, Azure).

Strong written and verbal communication skills, especially in high-pressure situations.

Additional Information:

- The candidate should have a minimum of 12 years of experience.

- Location: Pan India

- 15 years of full-time education is required.

Job ID: 139029885