
Csa Siem Admin
6 days ago
**CSA SIEM Admin (Sentinel), AVP**:
**Job ID**: R0386120
**Full/Part-Time**: Full-time
**Regular/Temporary**: Regular
**Listed**: 2025-04-29
**Location**: Bangalore
**Position Overview**:
**Job Title: CSA SIEM Admin (Sentinel)**
**Corporate Title: Assistant Vice President**
**Location: Bangalore, India**
**Role Description**
The COO Chief Information Security Office (CISO) is responsible for addressing information security risks to the Deutsche Bank global IT. As a Security Engineer-AVP, you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering & Architecture organization. You will serve as a technical expert for the platform engineering and provide 24x7x365 support for critical security technologies. The role primarily entails hands-on technical product design, build & support of multi-SIEM platforms (Microsoft Sentinel, Chronicle, Splunk). You will be part of a global SIEM Operations Team.
**What we’ll offer you**
As part of our flexible scheme, here are just some of the benefits that you’ll enjoy
- Best in class leave policy
- Gender neutral parental leaves
- 100% reimbursement under childcare assistance benefit (gender neutral)
- Sponsorship for Industry relevant certifications and education
- Employee Assistance Program for you and your family members
- Comprehensive Hospitalization Insurance for you and your dependents
- Accident and Term life Insurance
- Complimentary health screening for 35 yrs. and above
**Your key responsibilities**
- Configure, manage, and optimize Microsoft Sentinel for efficient threat detection and response.
- Ensure SIEM infrastructure is running optimally, including performance monitoring and issue resolution.
- Regularly update and optimize SIEM policies, rules and configurations based on evolving threats.
- Onboard, configure, and manage data connectors from various log sources, including cloud, on-premises, and hybrid environments.
- Ensure log ingestion health and troubleshoot data collection issues.
- Develop, implement, and fine-tune analytics rules, detection logic, and playbooks in Sentinel.
- Assist SOC and incident response teams with log analysis, threat correlation, and incident investigation.
- Reduce false positives by refining detection rules and optimizing event filtering.
- Implement and maintain Splunk platform infrastructure and configuration.
- Design and optimize Splunk platform architecture for large-scale and distributed deployments.
- Good understanding of security frameworks, vulnerability management, and incident response
- Implement and enhance automation using Kusto Query Language (KQL), **Logic Apps**, and Microsoft Defender XDR integrations.
- Maintain SIEM compliance with security policies, industry regulations (e.g., GDPR, NIST, ISO 27001), and best practices.
- Generate reports and dashboards to provide visibility into security posture and SIEM performance.
- Experience managing Linux and Windows agents in a Splunk environment.
- Strong understanding of Splunk system architecture and best practices.
- Work with SOC, IT, and Cloud Security teams to enhance Sentinel capabilities.
- Document SIEM configurations, detection use cases, and operational procedures.
- Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for the platform.
- Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.
- Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
- Passionate about data to drive information-based security analytics.
- Value add: experience in Cloud Management, Splunk and Chronicle.
**Your skills and experience**
- 8+ years of IT engineering experience with recent experience in building and managing infrastructure and security platforms.
- 3+ years of Experience implementing, architecting and administering SIEM platforms like Sentinel, Chronicle, Splunk for a large global organization.
- Knowledge of **Azure services** and data ingestion from those services into SIEM.
- Familiarity with MITRE ATT&CK, cyber threat intelligence and SOC Workflows
- Understanding of SOAR Principles
- Hands on Experience with Microsoft Azure platform, managing various configurations to enable & manage Sentinel.
- Experience developing in XML, Bash, Python, and PowerShell scripts.
- DevOps Engineering experience (Terraform, SDLC, Actions).
- Independent, self-motivated, proactive approach to problem solving and prevention.
- Excellent written and verbal communication skills.
- Passionate about cyber security and the aptitude to identify and solve security problems.
**How we’ll support you**
- Training and development to help you excel in your career
- Coaching and support from experts in your team
- A culture of continuous learning to aid progression
- A range of flexible benefits that you can t
-
Administrator - Siem (So2)
6 days ago
Bengaluru, Karnataka, India Microland Full time **Required Skills**: Technology | Sentinel SIEM Tool Administrator | Level 2 Support Technology | Splunk SIEM Tool Administrator | Level 2 Support Technology | Qradar SIEM Tool Administrator | Level 2 Support **Education Qualification**: B.Sc **Certification Mandatory / Desirable**: Technology | Microsoft Certified: Security, Compliance, and Identity...
-
SIEM Sentinal Admin
2 weeks ago
Bengaluru, Karnataka, India Jconnect Infotech Full time US$ 90,000 - US$ 1,20,000 per year Job Description for SIEM MS Sentinel Admin He/she should be having 6+ years of experience in below given fields, Monitor the host reporting status and raise internal support ticket in case of Non-Reporting of any host. Troubleshoot host non-reporting issue and resolve it. Perform remediation for non-compliance sentinel agents Worked in Cyber Security team and...
-
SIEM Sentinal Admin
1 day ago
Bengaluru, India Jconnect Infotech Full time Job Description for SIEM MS Sentinel Admin He/she should be having 6+ years of experience in below given fields, Monitor the host reporting status and raise internal support ticket in case of Non-Reporting of any host. Troubleshoot host non-reporting issue and resolve it. Perform remediation for non-compliance sentinel agents Worked in Cyber Security team...
-
Platformadministrator - Nextgen Siem
2 weeks ago
Bengaluru, Karnataka, India ColorTokens Full time Job Title: Platform Administrator - NextGen SIEM Location: Bangalore (on site) About ColorTokens At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen—but with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the...
-
Sentinel Admin Siem 06 to 12 Years Pan India
1 week ago
Bengaluru, Karnataka, India Capgemini Full time **Job Description**: - Good knowledge of SIEM, SIEM Architecture and Hybrid Integrations. - Expertise with Azure Sentinel, creating/deploying Analytics Rules, Playbooks, Workbooks, Logic Apps, Log Analytics, Key Vault, IAM, Azure AD, etc - Good Knowledge of Azure DevOps & GitHub, Familiarity with GitHub, Jenkins and CI/CD pipelines. - Experience in Query...
-
SIEM Integration Architect
1 week ago
Bengaluru, Karnataka, India Unisys Full time US$ 1,25,000 - US$ 1,75,000 per year What Success Looks Like In This Role Lead the integration of alarm/data feeds from multiple SIEM platforms (e.g., Splunk, LogRhythm, Securonix) into Microsoft Sentinel. Configure and manage Cribl pipelines to collect, filter, transform, and enrich raw data before forwarding to Sentinel. Design and implement data normalization strategies to ensure consistent...