Technical & Bus Analyst - Data & Applications

Tata Consultancy Services Limited
Stone Mountain, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 125K

Job location

Stone Mountain, United States of America

Tech stack

API
Amazon Web Services (AWS)
Audit Trail
User Authentication
Azure
Cloud Computing
Computer Security
DNS
Error Codes
Information Model
Intrusion Detection and Prevention
JSON
Log Analysis
Runbook
Security Information and Event Management
Syslog
Data Logging
Software Security
Mitre Att&ck
Splunk

Job description

  • Validate log types, formats, schemas, and logging methods (syslog, API, CloudTrail, JSON, custom formats).

  • Define onboarding requirements including event types, fields, timestamps, user identity, error codes,

  • and security-critical attributes.

  • Evaluate logs for completeness, reliability, and compliance with industry standard schemas.

  • Map log sources to Splunk's Common Information Model (CIM) or equivalent normalization frameworks.

  • Log parsing, field extraction, enrichment, and timestamp normalization.

  • Development of CIM-compliant extractions for all new log sources.

  • Documentation of field dictionaries, mappings, and SIEM source type definitions.

  • Validation of proper taxonomy alignment across categories such as:

o Authentication o Authorization o Application activity o Network activity o Security events o Error/failure conditions o Administrative and privileged actions

  • Mapping application behaviors to relevant attack techniques (MITRE ATT&CK).

  • Identifying and documenting detection opportunities.

  • Authoring and implementing:

o Correlation searches o Behavioral detections o Anomaly models o High-fidelity alert logic

  • Ensuring each detection has:

o Defined data dependencies o Operational owner o Severity/priority rating o Triage response play

  • Operationalizing detections into Security Operations Runbooks, including:

o Preconditions

  • Indicators & patterns

Requirements

Must Have Technical/Functional Skills Technical Expertise

  • 5+ years working with SIEM platforms (Splunk preferred).

  • Advanced experience with CIM, ECS, or equivalent log normalization schemas.

  • Strong understanding of:

o JSON logging o Syslog/NXLog o Cloud logging architectures (AWS/GCP/Azure) o Application security telemetry o OSQuery / EDR / DNS / WAF logs

  • Proven ability to write:

o Source type definitions o Field extraction rules o Correlation logic o Detection playbooks Cybersecurity Knowledge & Competency

  • Familiarity with MITRE ATT&CK, SIGMA rules, NIST 800-53 frameworks.

  • Experience supporting SOC, IR, SIEM, Detection Engineering, or Threat Ops teams.

  • Understanding modern attack techniques, identity abuse patterns, and cloud threats.

Apply for this position