Platform Administrator

2 weeks ago


Bangalore, India ColorTokens Inc. Full time

Job Title: Platform Administrator - NextGen SIEM
Location: Bangalore (on site)
Experience Level: 4 - 8 years

About ColorTokens

ColorTokens specializes in advanced security solutions designed to safeguard organizations' assets and critical systems from cyber threats. Our flagship product, Xshield Enterprise Microsegmentation platform, empowers organizations to prevent initial compromises from escalating into damaging crises. By emphasizing proactive security measures, ColorTokens ensures comprehensive protection for critical workloads and data, enabling organizations to stay "breach ready."

With a clientele spanning some of the world's largest organizations, including prominent cancer research centers, cities, and national defense departments, ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.

ColorTokens' cloud-delivered platform streamlines onboarding efforts and reduces maintenance costs for organizations. Providing pervasive protection, their platform covers data center servers, legacy systems, cloud workloads, containers, and operational technology (OT) and Internet of Things (IoT) devices.

The company's recognition as a Strong Performer in the Forrester New Wave: Microsegmentation report solidifies ColorTokens' reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.

Our Culture

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making.
We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world's impactful organizations, be it a children's hospital, a city, or the defense department of an entire country.

Learn more at www.colortokens.com.

Company Overview:

ColorTokens is a fast-growing cybersecurity product company that is redefining the way enterprises protect their digital assets. Our market-leading Xshield platform enables Zero Trust microsegmentation and real-time visibility into application traffic, ensuring robust protection against modern cyber threats. We are looking for passionate and driven individuals to join our mission in building cutting-edge security products.

Position Overview:

ColorTokens is seeking a highly skilled and motivated Platform Administrator to manage, maintain, and optimize our NextGen Security Information and Event Management (SIEM) platform. The ideal candidate will oversee the day-to-day operations, ensure seamless integration of customer log sources and security tools, and provide robust support to the security operations team.
This role requires a strong technical background, hands-on experience with SIEM platforms, and a proactive approach to enhancing security posture.

Key Responsibilities:

SIEM Platform Administration
- Deploy, configure, and maintain the NextGen SIEM platform (e.g., Stellar Cyber, Splunk, Sentinel, QRadar, Chronicle, Exabeam, etc.).
- Perform regular updates, patches, and upgrades to ensure platform security and functionality.
- Monitor platform health, performance, and availability, ensuring optimal uptime.

Log Source Management
- Onboard new log sources, ensuring proper data ingestion and parsing from various environments (endpoints, servers, cloud platforms, applications).
- Troubleshoot and resolve issues related to log ingestion, parsing, and formatting.
- Maintain log retention policies in alignment with compliance requirements.

Rule and Use Case Management
- Develop, deploy, and fine-tune detection rules, correlation use cases, and alerts.
- Continuously update use cases based on emerging threats, business needs, or compliance mandates.
- Collaborate with SMEs and SOC analysts to refine detection capabilities and reduce false positives.

Integration and Automation
- Integrate the SIEM platform with other security tools (EDR, microsegmentation solution, vulnerability scanners, etc.).
- Design and implement automation workflows for incident detection, investigation, and response.

Platform Security and Compliance
- Enforce platform access control policies, ensuring role-based access and least privilege principles.
- Ensure the SIEM adheres to regulatory compliance standards (e.g., SOC2, ISO 27001).
- Conduct regular audits and ensure the platform is free of vulnerabilities.

Collaboration and Support
- Work closely with SOC analysts, threat hunters, and engineers to align the SIEM capabilities with security goals.
- Provide technical support to users of the SIEM platform.
- Offer training and documentation for security teams on effective SIEM usage.
- Be available round the clock in case of any incidents with the platform.

Performance Monitoring and Optimization
- Monitor and optimize storage and indexing performance.
- Proactively identify bottlenecks and improve platform scalability.
- Generate reports on platform performance and alerting effectiveness.

Incident Support
- Assist the SOC team with root cause analysis and advanced investigations.
- Ensure forensic data is readily available during incident response.

Education and Certifications:
- Bachelor's degree in Computer Science, Information Security
- Relevant certifications such as Splunk Certified Admin, Microsoft Certified: Security Operations Analyst Associate, QRadar Certification, or similar NextGen SIEM certifications are highly desirable, along with CISSP

Relevant Experience:
- 4 - 8 years of experience in managing SIEM platforms (traditional or NextGen).
- Strong hands-on experience with at least one NextGen SIEM platform (e.g., Stellar Cyber, Splunk, Sentinel, Chronicle, Exabeam).
- Experience with log management, rule creation, and data onboarding.
- Familiarity with scripting languages (e.g., Python, PowerShell) for automation.

Technical Skills:
- In-depth understanding of log formats, protocols (e.g., Syslog, JSON, XML), and data pipelines.
- Proficiency in querying languages (e.g., KQL, SPL, AQL).
- Experience integrating SIEMs with security tools like EDR, SOAR, NDR, and threat intelligence platforms.
- Knowledge of security frameworks such as MITRE ATT&CK, NIST, or CIS.

Soft Skills:
- Strong analytical and troubleshooting skills.
- Excellent verbal and written communication skills.
- Ability to work collaboratively in a fast-paced environment.

Preferred Skills:
- Familiarity with cloud-based security solutions (e.g., AWS, Azure, Google Cloud).
- Experience in implementing machine learning or anomaly detection in SIEM use cases.
- Exposure to SOAR tools (e.g., Palo Alto Cortex XSOAR, Splunk Phantom).

Key Metrics for Success:
- Uptime and performance of the SIEM platform.
- Number of new log sources and use cases onboarded.
- Reduction in false positives and tuning of alerts.
- Timely resolution of platform-related issues.
- Alignment of the platform with business and security requirements.

Why Join Us?
- Work on a cutting-edge cybersecurity product in a fast-paced startup environment.
- Collaborate with a world-class team of engineers and security experts.
- Opportunity to learn, grow, and make a real impact from day one.


