CSA SIEM Admin

Job Title: CSA SIEM Admin (Splunk, Sentinel)

Corporate Title: Assistant Vice President

Location: Bangalore, India

Role Description

• The COO Chief Security Office (CSO) is responsible for addressing information security risks to the Deutsche Bank global IT, as a Security Engineer-AVP, you will play a key technical role in our SIEM Operations team within the Global Cyber Security Engineering & Architecture organization.
• You will serve as a technical expert for the platform engineering and provide 24x7x365 support for critical security technologies. 
• The role primarily entails hands on technical product design, build & support of multi SIEM platforms Microsoft Sentinel, Chronicle, Splunk.  You will be part of a global SIEM Operations Team. 

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that you'll enjoy

• Best in class leave policy
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities

• Maintain, upgrade, and troubleshoot issues with SPLUNK (on-pren/cloud) multi-site clusters.
• Design, develop, recommend, and implement Splunk dashboards and alerts in support of the Incident Response team.
• Manage patching and updates of Splunk hosts and/or Splunk application software.
• Monitoring the health and performance of the Splunk environment and troubleshooting any issues that arise.
• Working experience as Splunk Administrator with Cluster Building, Data Ingestion Management, User Role Management Search Configuration and Optimization
• Designs and optimizes Splunk platform architecture for large-scale and distributed deployments.
• Establishes best practices and development standards, and ensures that the team adopts them.
• Configure, manage, and optimize Microsoft Sentinel for efficient threat detection and response.
• Ensure SIEM infrastructure is running optimally, including performance monitoring and issue resolution.
• Regularly update and optimize SIEM policies, rules and configurations based on evolving threats.
• Onboard, configure, and manage data connectors from various log sources, including cloud, on-premises, and hybrid environments.
• Ensure log ingestion health and troubleshoot data collection issues.
• Develop, implement, and fine-tune analytics rules, detection logic, and playbooks in Sentinel.
• Assist SOC and incident response teams with log analysis, threat correlation, and incident investigation.
• Reduce false positives by refining detection rules and optimizing event filtering.
• Implement and enhance automation using Kusto Query Language (KQL), Logic Apps, and Microsoft Defender XDR integrations.
• Maintain SIEM compliance with security policies, industry regulations (e.g., GDPR, NIST, ISO 27001), and best practices.
• Generate reports and dashboards to provide visibility into security posture and SIEM performance.
• Work with SOC, IT, and Cloud Security teams to enhance Sentinel capabilities.
• Document SIEM configurations, detection use cases, and operational procedures.
• Incident & Problem Management, Change & Release Management, Vendor Management, Capacity Management functions for the platform.
• Maintain up-to-date knowledge of technology standards, industry trends, emerging technologies, and cyber security best practices.
• Ensure technical issues are quickly resolved and help implement strategies and solutions to reduce the likelihood of recurrence.
• Passionate about data to drive information-based security analytics.
• Value add - Person in having experience in Cloud Management, Splunk and Chronicle.

Your skills and experience

The candidate must have Engineering Background in Computer Science, Information Technology, Cybersecurity or related field and a minimum of 8+ years of experience with recent experience in Security engineering, system administration, network engineering, software engineering/development with a focus on Cybersecurity.

• 8+ years of IT engineering experience with recent experience in building and managing infrastructure and security platforms.
• 3+ years of Experience implementing, architecting and administering SIEM platforms like Sentinel, Chronicle, Splunk for a large global organization.
• Knowledge of Azure services and data ingestion from those services into SIEM. 
• Familiarity with MITRE ATT&CK, cyber threat intelligence and SOC Workflows
• Understanding of SOAR Principles
• Hands on Experience with Microsoft Azure platform, managing various configurations to enable & manage Sentinel.
• Experience developing in XML, Bash, Python, and PowerShell scripts.
• DevOps Engineering experience.(Terraform, SDLC, Actions)
• Independent, self-motivated, proactive approach to problem solving and prevention.
• Excellent written and verbal communication skills.
• Passionate about cyber security and the aptitude to identify and solve security problems.

How we'll support you

• Training and development to help you excel in your career
• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• A range of flexible benefits that you can tailor to suit your needs

About us and our teams

Please visit our company website for further information:

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.