Job Title - Lead Security Data Engineer

Job Location - Pune, Maharashtra

Must Have Skills - Python automation, Data engineering, Data Integration, Data Parsing, Data Analysis


Position Overview

As a Lead Security Data Engineer, you will execute, build, and maintain processes and systems to protect our customers’ data from identity-related issues (threats, risks, governance, and compliance). The focus is on the best possible onboarding and integration of customers’ data: identifying the correct data sources, formats, and schema; defining and tuning the policies/rules/playbooks; creating appropriate whitelists and blacklists; and monitoring and tuning the data pipelines, warehouses, and infrastructure by applying identity security best practices, access management, and monitoring for unauthorized/unusual access or breaches. You need to blend data engineering skills (building optimal data flows) with cybersecurity expertise (identity protection/security).

Responsibilities

  • Work with Sales Engineering and Solution Architects during the technical onboarding process for customers, from initial kick-off to full operational status, to achieve the best possible solution for customers with the optimal information/data architecture.
  • Integrate customers’ data sources - IdPs, SASE, network, endpoints, cloud platforms, applications, services, etc. - into the data pipeline.
  • Serve as a trusted technical advisor to the field team (and indirectly to customers and partners) around customer data and policies/rules/playbooks - guiding data collection & integration, data analysis, best practices, and security architecture.
  • Act as the primary/lead technical coordinator for monitoring, diagnosing, and resolving source and data-level issues that impede the best data collection & integration.
  • Review and give feedback on security plans, network/cloud diagrams, customer environment diagrams, and identity security requirements.
  • Perform customer data architecture assessments, content baseline assessments, and design reviews.
  • Work with the Engineering team to develop and configure custom parsers and data connectors to ensure accurate data ingestion, transformation, normalization, and indexing.
  • Work (through the field team) with customers’ Security Operations Center (SOC) and/or identity security team to ensure the best possible onboarding and operations.
  • Contribute to the continuous improvement of our onboarding and operational processes, creating documentation and automation scripts to increase efficiency.
  • Help define, implement, and monitor key risk indicators and key performance indicators (KRIs/KPIs).
  • Leverage the platform and backend databases/warehouses to monitor and analyze identity-related issues and identity false positives. Tune parameters within the platform accordingly. Give feedback to Product/Engineering on enhancements.
  • Develop actionable use cases to detect, triage, investigate, and remediate based on the latest threat/security trends, including actual technical implementation of parsing data sources and creating, validating, and testing alerting queries to reduce false positives.
  • Develop scripts to simplify data collection and automate data onboarding tasks.
  • Participate in regular calls with customers to ensure alignment with their security objectives and address any concerns or questions they may have. Provide weekly reports on data architecture, posture, incidents, and mitigation efforts.
  • Collaborate closely with product management, the engineering team, and other stakeholders throughout the product development lifecycle.
  • Keep abreast of the latest IT security, regulatory, and compliance trends to support various risk and data models.
  • Maintain accurate and detailed documentation of all activities.
  • Thrive in a dynamic startup environment, contributing to a culture of innovation and excellence.

Requirements

  • 8+ years of hands-on experience in SIEM/SOC/cybersecurity data engineering, with a focus on networking and/or IAM (identity security).
  • Proficiency in security analysis tools and technologies, including SIEM, SOC, and SOAR solutions, and XDR/EDR.
  • Proficiency in basic data engineering and analysis.
  • Understanding of common network concepts such as segmentation, subnets, VPN, and routing/switching. Understanding of basic networking protocols such as TCP/IP and HTTP.
  • Proficiency in a scripting and programming language (e.g., Python) for automation, data analysis, and scripting purposes, enabling the creation of efficient analysis scripts and automation workflows to enhance security operations and streamline processes.
  • Decent understanding of IAM and identity security concepts like IAM, IdP, etc.
  • Familiarity with Linux and Windows.
  • Excellent attention to detail, analytical and problem-solving skills, with the ability to analyze complex security incidents and recommend effective mitigation strategies.
  • A solid understanding of cybersecurity concepts, principles, and best practices, with experience in security testing methodologies and tools, is a significant advantage.
  • Good to have - Relevant certifications such as CISSP, CISM, CISA, CompTIA Security+, or GIAC certifications (e.g., GCIH, GCIA).
  • Strong communication and collaboration skills.
  • Ability to thrive in a fast-paced, dynamic work environment.
  • Master’s or Bachelor’s degree in Computer Science, Cybersecurity, IT, Engineering, or a related field.