DM - Security (Chennai)

About Us: Our purpose is to help clients exceed their financial health goals. Across the reimbursement cycle, our scalable solutions and clinical expertise help solve programmatic needs. Enabling our teams with leading technology allows analytics to guide our solutions and keeps us accountable achieving goals. We build long-term careers by investing in YOU. We seek to create an environment that cultivates your professional development and personal growth, as we believe your success is our success. ESSENTIAL DUTIES AND RESPONSIBILITIES: Note: The essential duties and responsibilities below are intended to describe the general duties and responsibilities of this position and are not intended to be an exhaustive statement of duties. This position may perform all or most of the primary duties listed below. Specific tasks, responsibilities or competencies may be documented in the Team Member’s performance objectives as outlined by the Team Member’s immediate Leadership Team Member. Experience
- Overall 10 years of total experience, with 7–8 years of specialized expertise in Cybersecurity.
- Minimum 5 years of hands-on experience in a Security Operations Center (SOC) environment. ________________________________________ Core Responsibilities (L3 Level)
- Lead complex security incident investigations and provide expert-level forensics and technical analysis.
- Perform end to end incident management, including containment, eradication, recovery, and root-cause analysis.
- Act as a senior escalation point for L1/L2 analysts and guide them through complex investigations.
- Conduct proactive, intelligence-driven threat hunting to identify advanced and stealthy threats.
- Analyse multi-source security logs, correlate events, and detect sophisticated attack patterns.
- Investigate zero day vulnerabilities, newly reported CVEs, and emerging cyber threats. ________________________________________ SOC Operations & Enhancement
- Develop, refine, and maintain detection use cases, correlation rules, event logic, and alert thresholds.
- Provide SIEM & SOAR tuning and optimization to reduce false positives and improve detection fidelity.
- Enhance automation workflows within SOAR platforms to improve incident response efficiency.
- Maintain and continuously improve SOC playbooks, SOPs, and response templates.
- Drive improvements across SOC processes, SLAs, shift workflows, and operational maturity.
- Lead continuous improvement initiatives, focusing on detection gaps, tuning feedback loops, and recent log onboarding. ________________________________________ Implementation & Projects
- Lead technical implementation and onboarding of new security tools, log sources, and integrations.
- Coordinate with platform teams to deploy, configure, and validate new security technologies.
- Oversee SIEM architecture enhancements, parser development, log ingestion, and normalization.
- Participate in deployment of EDR, UEBA, SOAR, Threat Intel, Network Security and other security platforms.
- Ensure successful end-to-end implementation: requirement gathering → configuration → testing → go live.
- Drive continuous platform upgrades, configuration finetuning, and operational improvements. ________________________________________ Technical Expertise
- Strong understanding of cyberattacks, threat vectors, MITRE ATT&CK; techniques, malware behaviour, and incident response frameworks.
- Expertise across Windows, Linux, and Unix environments.
- Strong knowledge of TCP/IP, DNS, DHCP, routing, packet analysis, and network security architecture.
- Hands-on experience with: o SIEM (Splunk, QRadar, crowdstrike etc.) o IDS/IPS, UEBA, EDR, SSL inspection, Packet analysis tools o CrowdStrike Falcon (deep experience in policies, detection tuning, RTR, investigation) o SOAR platforms (automation playbooks, workflow creation, integration) o Ticketing systems such as JIRA, ServiceNow
- Strong expertise in Vulnerability Management, VAPT, and scanning activities (tools and remediation workflows). ________________________________________ Leadership & Collaboration
- Mentor, guide, and train L1 and L2 analysts on incident handling, detection techniques, and SOC maturity.
- Collaborate with cross-functional teams (Infra, IT, Cloud, Network, Risk, Application teams).
- Provide technical recommendations for remediation, risk reduction, and improved security posture.
- Create and deliver clear, actionable incident reports, executive summaries, and technical documentation. ________________________________________ Additional Responsibilities
- Monitor, assess, and respond to high severity alerts in a 24×7 SOC environment.
- Perform ongoing threat analysis, vulnerability assessment, and incident trend analysis.
- Participate in tabletop exercises, after-action reviews, and cyber readiness activities.
- Handle and support any additional SOC responsibilities as assigned. PHYSICAL DEMANDS: Note: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions as described. Regular eye-hand coordination and manual dexterity is required to operate office equipment. The ability to perform work at a computer terminal for 6-8 hours a day and function in an environment with constant interruptions is required. At times, Team Members are subject to sitting for prolonged periods. Infrequently, Team Member must be able to lift and move material weighing up to 20 lbs. Team Member may experience elevated levels of stress during periods of increased activity and with work entailing multiple deadlines. A is only intended as a guideline and is only part of the Team Member’s function. The company has reviewed this to ensure that the essential functions and basic duties have been included. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. Apply on Kit Job: kitjob.in/job/4mwjwq