Technical & Bus Analyst - Data & Applications
Tata Consultancy Services · Triangle, NC · 2 days ago
Information Technology$64k–$110k/yrFull-time
Technical/Functional Skills
- 5+ years working with SIEM platforms (Splunk preferred).
- Advanced experience with CIM, ECS, or equivalent log normalization schemas.
- Strong understanding of: JSON logging, Syslog/NXLog, Cloud logging architectures (AWS/GCP/Azure).
- Proven ability to write: Source type definitions, Field extraction rules, Correlation logic, Detection playbooks.
- Cybersecurity Knowledge & Competency: Familiarity with MITRE ATT&CK, SIGMA rules, NIST 800-53 frameworks.
- Experience supporting SOC, IR, SIEM, Detection Engineering, or Threat Ops teams.
- Understanding modern attack techniques, identity abuse patterns, and cloud threats.
Roles & Responsibilities
- Engage and coordinate with Application Owners, Product Teams, DevOps, and Engineering.
- Validate log types, formats, schemas, and logging methods (syslog, API, CloudTrail, JSON, custom formats).
- Define onboarding requirements including event types, fields, timestamps, user identity, error codes, and security-critical attributes.
- Evaluate logs for completeness, reliability, and compliance with industry standard schemas.
- Map log sources to Splunk’s Common Information Model (CIM) or equivalent normalization frameworks.
- Log parsing, field extraction, enrichment, and timestamp normalization.
- Development of CIM-compliant extractions for all new log sources.
- Documentation of field dictionaries, mappings, and SIEM source type definitions.
- Validation of proper taxonomy alignment across categories such as: Authentication, Authorization, Application activity, Network activity, Security events, Error/failure conditions, Administrative and privileged actions.
- Mapping application behaviors to relevant attack techniques (MITRE ATT&CK).
- Identifying and documenting detection opportunities.
- Authoring and implementing: Correlation searches, Behavioral detections, Anomaly models, High-fidelity alert logic.
- Ensuring each detection has: Defined data dependencies, Operational owner, Severity/priority rating, Triage response play.
- Operationalizing detections into Security Operations Runbooks, including: Preconditions, Indicators & patterns, Triage steps, Containment actions, Escalation paths, Evidence checklist.
Pay
Salary Range: $64,000 - $110000 a year