Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education
Summary:
As a Security Architect, a typical day involves designing and establishing a comprehensive cloud security framework that aligns with organizational objectives and performance standards. This role includes creating detailed documentation for the deployment of cloud security controls and overseeing the smooth transition of these controls into managed cloud security operations. The position requires continuous collaboration with various teams to ensure that the security architecture supports business needs while maintaining operational efficiency and resilience in a cloud environment.
Roles & Responsibilities:
Develop and maintain incident response plans, playbooks, escalation paths, and communication templates.
Work with internal and external resources to ensure proper logging, alerting, forensic collection, and response capabilities are in place.
Participate in tabletop exercises, purple team activities, incident simulations, and lessons-learned reviews.
Help define severity classifications, response SLAs, escalation criteria, and evidence-handling procedures.
Maintain readiness for common incident types, including phishing, business email compromise, malware, ransomware, credential compromise, insider threat, data exposure, cloud compromise, and unauthorized access.
Lead technical investigations into suspected or confirmed security alerts and incidents.
Correlate activity across endpoint, identity, cloud, network, email, and application logs.
Perform timeline analysis, scope assessment, root-cause analysis, and impact determination.
Identify indicators of compromise, attacker tactics, persistence mechanisms, lateral movement, privilege escalation, and data access patterns.
Use threat intelligence and MITRE ATT&CK mapping to contextualize attacker behavior.
Determine whether an alert represents benign activity, policy violation, misconfiguration, attempted compromise, or confirmed compromise
Don't want to miss the next one?
Subscribe to daily email alerts for roles matching your interests.
Coordinate and perform where appropriate containment actions such as host isolation, account disablement, token revocation, firewall blocks, email quarantine, access removal, and cloud control changes.
Work with system owners and IT teams to remove persistence, remediate exploited weaknesses, and restore secure operations.
Validate that threats have been removed and that recovery actions are complete.
Support evidence preservation and chain-of-custody practices when required.
Communicate technical findings clearly to both security and non-security stakeholders.
Lead or contribute to post-incident reviews.
Document root cause, timeline, business impact, control gaps, and corrective actions.
Translate incident findings into improved detections, playbooks, automation, hardening guidance, and training.
Track remediation items through completion.
Identify recurring patterns and recommend strategic improvements to prevent similar incidents.
Build, test, tune, and maintain detections across SIEM, EDR, cloud, identity, SaaS, and network platforms.
Develop detection logic using query languages such as KQL, SPL, SQL, Sigma, YARA, or platform-specific equivalents.
Create detections mapped to threat behaviors, attack chains, and MITRE ATT&CK techniques.
Conduct proactive threat hunting based on emerging threats, abnormal behavior, attacker tradecraft, and internal risk signals.
Validate detections through testing, simulation, purple team exercises, or historical incident data.
Document detection purpose, logic, assumptions, known limitations, triage guidance, and response steps.
Partner with engineering and infrastructure teams to improve telemetry collection and logging standards.
Professional & Technical Skills:
Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).
Strong expertise in cloud security frameworks and architecture design.
Experience in documenting and implementing cloud security controls and policies.
Ability to analyze security risks and develop mitigation strategies within cloud environments.
Familiarity with security monitoring, incident response, and threat detection techniques.
Skilled in collaborating with cross-functional teams to integrate security solutions effectively.
Additional Information:
The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).
This position is based at our Gurugram office.
A 15 years full time education is required.
Similar roles you might like
More openings like this one — take a look before you go.