Security Architect (m/f/d)

EPAM is seeking a seasoned Security Architect with a strong SIEM (Security Information and Event Management) deployment and migration background. The ideal candidate will have good experience in architecture, design, implementation, migration and optimization of modern SIEM solutions in highly regulated environments like finance and insurance, among others. The ideal candidate should also have a background working within an Enterprise SOC with proven hands-on experience in detection and response to security events and incidents.
The architect will work closely with the client to understand the current and target state of the SIEM solutions. The most successful candidate will be a strong technologist with a practical approach to designing SIEM solutions within large enterprises. This candidate must be able to effectively collaborate with the client’s cybersecurity teams and SOCs to deliver optimal results. In addition, the SIEM Architect must be able to clearly and successfully communicate with a demonstrated understanding of the business and technical requirements of the client.
Responsibilities
Lead the design, deployment and configuration of SIEM solutions, ensuring seamless integration with various security tools, systems and log sources
Plan and execute SIEM migration projects, including data transfer, log source integration, rule/alert migration and configuration tuning
Develop, customise and fine-tune SIEM use cases, correlation rules, dashboards and reports to effectively detect threats and suspicious activities
Integrate diverse log sources such as firewalls, IDS/IPS, antivirus, cloud services, applications and operating systems into the SIEM for comprehensive monitoring
Collaborate with the SOC (Security Operations Center) team to support further use case creation and finetuning following SOC team requirements
Regularly review and optimize SIEM performance to ensure efficient log collection, storage, processing and alerting
Maintain comprehensive documentation for SIEM configurations, integrations client and migration processes, providing regular reports on SIEM performance
Train and mentor junior security engineers and SOC analysts on SIEM use, best practices and troubleshooting
Work closely with IT, security and network teams to ensure the SIEM platform aligns with security strategies and goals
Requirements
At least 10 years of experience in Cyber Security Most of which specialized in engineering SIEM solutions and working in a SOC
Bachelor’s degree in computer science, Information Security or a related field (or equivalent experience)
Expertise in SIEM engineering and architecture, with a focus on at least Splunk or any other leading SIEM solutions like QRadar, ArcSight, LogRhythm and Azure Sentinel among others
Experience in managing the full delivery lifecycle for SIEM enhancements and automation including working on converged SIEM solutions that include SOAR and XDR solutions within it
Proficiency in integrating log sources and developing correlation rules, alerts and dashboards
Experience working in cloud environments (AWS, Azure, GCP) and integrating cloud logs into SIEM solutions
Understanding security frameworks (MITRE ATT&CK, NIST, ISO 27001) and regulatory compliance (GDPR, PCI-DSS)
Knowledge of network protocols, firewalls, IDS/IPS, endpoint security and threat intelligence
Ability to understand the client’s needs, their specific security challenges and the regulatory landscape to provide tailored solutions
Ability to manage stakeholders at various levels, from technical staff to senior executives and effectively communicate complex technical concepts to clients. To work effectively with teams from different departments within large organizations and enterprises
Nice to have
Proven experience with multiple SIEM solutions
Hands-on experience with SIEM migration projects, including planning, execution and troubleshooting
Familiarity with scripting languages (Python, PowerShell, Bash) for automation and data parsing
SIEM-specific certifications such as Splunk Certified Architect, IBM QRadar Certification or ArcSight Certified Security Analyst
Security certifications such as CISSP, CEH, CompTIA CASP+ or GIAC are an advantage