We are looking for highly skilled cybersecurity consultants with extensive hands-on experience in SOC design, SIEM engineering, Incident Response, Threat Detection, and building cybersecurity maturity. Consultants should be proficient in building SOCs from scratch, developing SIEM use-cases, MITRE mapping, IR playbooks, and defining cybersecurity strategy.
Key Responsibilities
- Lead technical cybersecurity discussions with IT, vendors, and stakeholders.
- Ensure alignment with regulatory requirements and security best practices.
- Enhance and maintain SIEM/SOC operations, including rule tuning, process development, and SOC setup (if needed).
Required Expertise
- Strong hands-on experience in SIEM/SOC design and operations
- Cybersecurity governance and risk management
- Security architecture reviews
- Ability to engage effectively with IT/Security teams
- Experience in banking, finance, telco, or enterprise environments
- 15–20 years of practical cybersecurity experience
1 Cybersecurity Architecture Assessment & Strategy
- Lead a full end-to-end evaluation of the organization’s existing SIEM architecture, SOC operations, and IR capabilities.
- Assess effectiveness across people, processes, and technology, identifying strengths, gaps, and opportunities for enhancement.
- Benchmark current cybersecurity maturity against industry standards (e.g., NIST CSF, ISO 27001, MITRE ATT&CK).
- Develop a prioritized roadmap for SIEM/SOC/IR optimization and modernization.
2 SIEM Optimization & Enhancement
- Redesign SIEM architecture and data ingestion strategy to improve visibility, performance, and event fidelity.
- Enhance log parsing, normalization, enrichment, and ingestion from critical sources (cloud, endpoints, identity, OT/ICS, network, and security tools).
- Refine correlation logic, detection use cases, and alert tuning methodologies to reduce false positives and increase detection accuracy.
- Implement advanced detection techniques mapped to MITRE ATT&CK, including custom rules, dashboards, and analytics.
- Establish SIEM governance processes, rule-tuning standards, and performance optimization practices.
3 SOC Maturity Improvement & Operational Excellence
- Conduct a deep review of SOC workflows, tiered responsibilities, shift coverage, and tooling integration.
- Redesign triage and escalation workflows to improve response efficiency and adherence to SLAs.
- Enhance tool interoperability (SIEM, SOAR, ticketing, TIP, EDR) to streamline end-to-end detection and response.
- Develop or refine IR playbooks for priority incident types (phishing, malware, insider threat, cloud compromise, etc.).
- Lead SOC modernization initiatives including automation, orchestration, and analyst enablement.
4 Incident Response Uplift
- Evaluate and enhance incident response strategies, containment approaches, escalation paths, and communication flows.
- Conduct tabletop exercises, technical simulations, and scenario-based training to improve analyst readiness.
- Improve coordination across IT, security, compliance, and risk teams during incident handling.
- Advise leadership on best practices, emerging threats, and enterprise IR preparedness.
5 Implementation Leadership & Delivery
- Drive the successful implementation of all improvements identified during the assessment phase.
- Manage cross-functional workstreams, ensuring timely delivery of SIEM/SOC enhancements.
- Ensure all changes align with cybersecurity best practices, compliance requirements, and business objectives.
- Track progress using KPIs such as MTTD, MTTR, correlation accuracy, false-positive rates, and detection coverage.