Technical & Bus Analyst - Data & Applications

Tata Consultancy Services Ltd

GA

JOB DETAILS
SALARY
$64,000–$125,000 Per Year
SKILLS
Analysis Skills, Application Programming Interface (API), CIM (Common Information Model), Cloud Computing, DevOps, Documentation, IR (Infrared), Industry Standards, Internet Security, JSON, Onboarding, Regulatory Compliance, Requirements Management, Security Information and Event Management (SIEM), Splunk, Taxonomies, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Selection
LOCATION
GA
POSTED
5 days ago

Must Have Technical/Functional Skills

Technical Expertise

  • 5+ years working with SIEM platforms (Splunk preferred).
  • Advanced experience with CIM, ECS, or equivalent log normalization schemas.
  • Strong understanding of:

o JSON logging

o Syslog/NXLog

o Cloud logging architectures (AWS/GCP/Azure)

o Application security telemetry

o OSQuery / EDR / DNS / WAF logs

  • Proven ability to write:

o Source type definitions

o Field extraction rules

o Correlation logic

o Detection playbooks

Cybersecurity Knowledge & Competency

  • Familiarity with MITRE ATT&CK, SIGMA rules, NIST 800-53 frameworks.
  • Experience supporting SOC, IR, SIEM, Detection Engineering, or Threat Ops teams.
  • Understanding modern attack techniques, identity abuse patterns, and cloud threats.

Roles & Responsibilities

  • Engage and coordinate with Application Owners, Product Teams, DevOps, and Engineering.
  • Validate log types, formats, schemas, and logging methods (syslog, API, CloudTrail, JSON, custom formats).
  • Define onboarding requirements including event types, fields, timestamps, user identity, error codes,
  • and security-critical attributes.
  • Evaluate logs for completeness, reliability, and compliance with industry standard schemas.
  • Map log sources to Splunk's Common Information Model (CIM) or equivalent normalization frameworks.
  • Log parsing, field extraction, enrichment, and timestamp normalization.
  • Development of CIM-compliant extractions for all new log sources.
  • Documentation of field dictionaries, mappings, and SIEM source type definitions.
  • Validation of proper taxonomy alignment across categories such as:

o Authentication

o Authorization

o Application activity

o Network activity

o Security events

o Error/failure conditions

o Administrative and privileged actions

  • Mapping application behaviors to relevant attack techniques (MITRE ATT&CK).
  • Identifying and documenting detection opportunities.
  • Authoring and implementing:

o Correlation searches

o Behavioral detections

o Anomaly models

o High-fidelity alert logic

  • Ensuring each detection has:

o Defined data dependencies

o Operational owner

o Severity/priority rating

o Triage response play

  • Operationalizing detections into Security Operations Runbooks, including:

o Preconditions

  • Indicators & patterns

o Triage steps

o Containment actions

o Escalation paths

o Evidence checklist

Salary Range: $64,000 - $125000 a year

#LI-CM2

About the Company

T

Tata Consultancy Services Ltd