Job Title - Lead Security Data Engineer
Job Location - Pune, Maharashtra
Must Have Skills - Python, Security Operations, Querying, Analysing, and Investigating security data using a SIEM platform

Position Overview
As a Lead Security Data Engineer, you will execute, build, and maintain processes and systems to protect our customers' data from identity-related issues (threats, risks, governance, and compliance), focusing on the best possible onboarding and integration of customers' data, identifying the correct data sources, formats and schema, defining and tuning the policies/rules/playbooks, creating appropriate whitelists and blacklists, and monitoring and tuning the data pipelines, warehouses and infrastructure by applying identity security best practices, access management, and monitoring for unauthorized/unusual access or breaches. You need to blend data engineering skills (building optimal data flows) with cybersecurity expertise (identity protection/security).

Responsibilities
Work with Sales Engineering and Solution Architects during the technical onboarding process for customers, from initial kick-off to full operational status, to achieve the best possible solution for customers with the optimal information/data architecture.
Integrate customers' data sources - IdPs, SASE, network, endpoints, cloud platforms, applications, services, etc. - into the data pipeline.
Serve as a trusted technical advisor to the field team (and indirectly to customers and partners) around customer data and policies/rules/playbooks - guiding data collection & integration, data analysis, best practices, and security architecture.
Act as the primary/lead technical coordinator for monitoring, diagnosing, and resolving source and data-level issues that impede the best data collection & integration.
Review and give feedback on security plans, network/cloud diagrams, customer environment diagrams, and identity security requirements.
Perform customer data architecture assessments, content baseline assessments, and design reviews.
Work with the Engineering team to develop and configure custom parsers and data connectors to ensure accurate data ingestion, transformation, normalization, and indexing.
Work (through the field team) with customers' Security Operations Center (SOC) and/or identity security team to ensure the best possible onboarding and operations.
Contribute to the continuous improvement of our onboarding and operational processes, creating documentation and automation scripts to increase efficiency.
Help define, implement, and monitor key risk indicators and key performance indicators (KRIs/KPIs).
Leverage the platform and backend databases/warehouses to monitor and analyze identity-related issues and identity false positives. Tune parameters within the platform accordingly. Give feedback to Product/Engineering on enhancements.
Develop actionable use cases to detect, triage, investigate, and remediate based on the latest threat/security trends, including the actual technical implementation of parsing data sources and creating, validating, and testing alerting queries to reduce false positives.
Develop scripts to simplify data collection and automate data onboarding tasks.
Participate in regular calls with customers to ensure alignment with their security objectives and address any concerns or questions they may have. Provide weekly reports on data architecture, posture, incidents, and mitigation efforts.
Collaborate closely with product management, the engineering team, and other stakeholders throughout the product development lifecycle.
Keep abreast of the latest IT security, regulatory, and compliance trends to support various risk and data models.
Maintain accurate and detailed documentation of all activities.
Thrive in a dynamic startup environment, contributing to a culture of innovation and excellence.

Requirements
8+ years of hands-on experience in SIEM/SOC/cybersecurity data engineering, with a focus on networking and/or IAM (identity security).
Proficiency in security analysis tools and technologies, including SIEM, SOC, and SOAR solutions, and XDR/EDR.
Proficiency in basic data engineering and analysis.
Understanding of common network concepts such as segmentation, subnets, VPN, and routing/switching.
Understanding of basic networking protocols such as TCP/IP and HTTP.
Proficiency in a scripting or programming language (e.g., Python) for automation, data analysis, and scripting purposes, enabling the creation of efficient analysis scripts and automation workflows to enhance security operations and streamline processes.
Decent understanding of IAM and identity security concepts such as IdPs.
Familiarity with Linux and Windows.
Excellent attention to detail, analytical and problem-solving skills, with the ability to analyze complex security incidents and recommend effective mitigation strategies.
A solid understanding of cybersecurity concepts, principles, and best practices, with experience in security testing methodologies and tools, is a significant advantage.
Good to have - Relevant certifications such as CISSP, CISM, CISA, CompTIA Security+, or GIAC certifications (e.g., GCIH, GCIA).
Strong communication and collaboration skills.
Ability to thrive in a fast-paced, dynamic work environment.
Master's or Bachelor's degree in Computer Science, Cybersecurity, IT, Engineering, or a related field.