Security Analyst - India
Persistent Systems · Pune Division, Maharashtra, India
Persistent Systems · Pune Division, Maharashtra, India
**About Persistent** We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what?s next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world, including 20 Fortune 50 companies and 4 of the 5 top banks in both the US and India, and numerous innovators across the healthcare ecosystem. Our disruptor?s mindset, commitment to client success, and agility to thrive in the dynamic environment have enabled us to sustain our growth momentum. Persistent has been recognized across top industry platforms for innovation, leadership, and inclusion. We reported $1,654.4M FY26 revenue with 17.4% Y-o-Y growth. We have delivered 24 sequential quarters of growth with $436.0M in Q4 FY26 revenue, up 3.2% Q-o-Q and 16.2% Y-o-Y growth. Our 27,500+ global team members, located in 18 countries, have been instrumental in helping the market leaders transform their industries. We have been recognized as the Fastest Growing IT Services Brand Globally in the 2026 Brand Finance IT Services 25 Report. We named a Leader in the Everest Group Private Equity (PE) Services PEAK Matrix� Assessment 2026 and Software Product Engineering PEAK Matrix� Assessment 2026. **About Position** The Splunk SIEM Administrator Content Engineering SME will be responsible for the design, administration, optimization, and continuous improvement of Splunk-based SIEM platforms supporting enterprise SOC operations. This role combines deep Splunk administration expertise with advanced detection engineering and use case development capabilities, ensuring high-quality security monitoring, threat detection, and incident response enablement.The candidate will act as a technical SME, supporting SOC teams, improving detection fidelity, reducing false positives, and ensuring the SIEM platform operates at scale with high availability, performance, and compliance. **Role: Security Analyst** **Location: Pune** **Experience: Between 5 to 8 Years** **Job Type: Full Time Employment** **What You'll Do** - Splunk SIEM Administration - Administer and maintain enterprise-scale Splunk SIEM infrastructure, including: o - Indexers, Search Heads, Cluster Masters, Deployment Servers, and Forwarders - Ensure high availability, scalability, and performance tuning of Splunk environments. - Perform capacity planning, indexing optimization, license monitoring, and data retention management. - Manage onboarding of log sources across security, infrastructure, application, cloud, and endpoint platforms. - Troubleshoot Splunk performance issues, ingestion delays, parsing errors, and search inefficiencies. - Implement Splunk upgrades, patches, and configuration changes in line with change management processes. - Ensure secure Splunk operations, including role-based access controls and data integrity. SIEM Content Engineering Detection Development - Design, develop, and maintain SIEM detection content, including: o - Correlation searcheso - Alertso - Risk-based alerts (RBA)o - Dashboards and reports - Create and fine-tune security use cases aligned to threat models such as MITRE ATTCK. - Optimize existing detection rules to: o - Reduce false positiveso - Improve signal-to-noise ratioo - Enhance SOC analyst efficiency - Develop advanced SPL queries for threat detection, investigations, and hunting use cases. - Support onboarding and normalization of data models using CIM (Common Information Model). SOC Enablement Incident Support - Act as an SME for SOC analysts, providing L3 support for: o - SIEM-related incidentso - Alert logic clarificationo - Detection improvements - Support incident investigations by developing ad-hoc queries and forensic searches. - Collaborate with SOC, IR, Threat Intelligence, and Vulnerability Management teams to enhance detection coverage. - Provide guidance on detection gaps and recommend new use cases based on emerging threats. Monitoring, Reporting Compliance - Develop operational and executive dashboards for: o - SOC performance metricso - Alert trendso - Detection coverage - Support compliance and audit requirements by providing SIEM evidence, reports, and data extracts. - Ensure SIEM content and operations align with internal security policies and regulatory requirements. Continuous Improvement Leadership - Continuously assess SIEM maturity and recommend enhancements in: o - Detection logico - Architectureo - Data onboarding strategy - Mentor junior SIEM engineers and SOC analysts on Splunk and detection engineering best practices. - Participate in security reviews, tabletop exercises, and purple team initiatives. - Stay current with Splunk product updates, security threats, and detection engineering trends. Key Deliverables - Stable and optimized Splunk SIEM platform with high availability and performance - High-quality detection content with measurable reduction in false positives - New and enhanced security use cases aligned to threat landscape - SOC dashboards and actionable reports - SIEM documentation, runbooks, and operational guides - Audit-ready evidence and compliance reports **Expertise You'll Bring** - Technical Skills1012 years of experience in SOC and SIEM operations - Hands-on expertise in Splunk Enterprise / Splunk ES administration - Strong proficiency in SPL (Search Processing Language) - Experience with: o - Splunk ESo - CIM data modelso - Risk-based alertingo - Log onboarding and normalization - Solid understanding of: o - Network, endpoint, cloud, and application security logso - Incident response and SOC workflows - Familiarity with MITRE ATTCK, threat detection, and security analytics Certifications (Mandatory) - Splunk Certified Power User / Admin / Architect / ES Certified (at least one required) - Experience working in lar