Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary: As an Azure Sentinel Architect, you will be responsible for leading the design, architecture, and deployment of Microsoft Sentinel across hybrid and multi-cloud environments. You will work closely with security engineering, SOC, and IT operations to build scalable SIEM solutions, define log ingestion strategies, develop advanced analytics and automation use cases, and guide technical decisions around Microsoft Defender integration, compliance, and detection coverage. This is a strategic technical leadership role combining architecture, implementation, and advisory responsibilities. Roles & Responsibilities: -Design log ingestion pipelines, data connectors, and custom parsers for diverse sources (Azure, AWS, GCP, on-prem). -Develop detection logic using Kusto Query Language (KQL) to create custom analytics rules and hunting queries. -Build and maintain Sentinel automation (SOAR) capabilities using Azure Logic Apps and playbooks. -Integrate Microsoft Sentinel with: -Microsoft Defender for Endpoint, Cloud, Identity, Office 365 -Third-party tools (e.g., Proofpoint, CrowdStrike, Tenable, ServiceNow) -Define SIEM architecture standards, retention policies, and access control models for role-based access (RBAC). -Lead the development of workbooks, dashboards, and visualizations for executive and operational reporting. -Perform threat modeling and use case development aligned with MITRE ATT&CK, NIST, and cyber kill chain. -Collaborate with SOC, compliance, and IT teams to ensure monitoring coverage and incident response readiness. -Conduct technical workshops, design sessions, and provide thought leadership on Sentinel capabilities. -Support audits, compliance reporting, and align SIEM strategy with regulatory frameworks (ISO, GDPR, HIPAA, etc.). -Perform POCs, create deployment templates (ARM/Bicep), and maintain IaC best practices. -Build real-time and scheduled dashboards to support SOC, compliance, and leadership visibility -Participate in use case governance processes and maintain runbooks/playbooks -Review and approve content changes submitted by junior team members -Strong foundational understanding of security operations, threat landscapes, and log analysis -Excellent written and verbal communication skills for working with both technical and business stakeholders -Tune existing alerts and rules to reduce false positives and improve detection fidelity -Map detection content to frameworks such as MITRE ATT&CK and compliance standards -Log source parsing issues troubleshooting and resolution. -Optimize searches, reduce duplication, and ensure compliance with search head clustering best practices Professional & Technical Skills: -Expert-level understanding of Microsoft Sentinel architecture, features, and deployment models. -Hands-on experience with SOAR automation using Logic Apps and custom connectors. -Strong understanding of log ingestion pipelines, data normalization, and schema mapping. -Familiarity with integrating non-Microsoft log sources via syslog, CEF, REST APIs, and custom connectors. -Good grasp of cloud-native security architecture in Azure (NSGs, Azure Firewall, Sentinel, Azure Policy, etc.). -Experience working with ARM templates, Bicep, or Terraform for security infrastructure deployment. -Scripting knowledge (PowerShell, Python, YAML) to automate deployments and rule management. -Knowledge of threat intelligence platforms, MISP, TI mappings, and custom entity extraction. -Familiarity with compliance frameworks like NIST 800-53, ISO 27001, GDPR, PCI-DSS, etc. -Primary Skill: MS Sentinal SIEM Build, Detection Engineering and platform. -Certification Requirements (Must Have One or More): Microsoft Certified: Azure Security Engineer Associate (AZ-500) -Microsoft Certified: Cybersecurity Architect Expert (SC-100) (Highly Preferred) -Microsoft Certified: Security Operations Analyst Associate (SC-200) -Microsoft Certified: Azure Solutions Architect Expert -CompTIA Security+ / CySA+ / CASP+ (Optional) -Experience: in SOC including 2+ in MS Azure Sentinal SIEM Content Engineering /Platform Support Additional Information: - The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM). - This position is based at our Bengaluru office. - A 15 years full time education is required.