Principal Security Technical Architect

Bengaluru, IN (Hybrid)  •  4 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.

– Splunk Architect / SIEM Assessment Lead

The role requires leading and executing enterprise-scale SIEM assessments and transformation initiatives, with a strong focus on Splunk-based security platforms. The candidate will be responsible for conducting deep-dive technical evaluations, defining target-state architectures, and driving remediation and optimization strategies across the SIEM landscape.

Key responsibilities include:

  • Lead and deliver end-to-end SIEM platform assessments, evaluating current-state architecture, maturity, scalability, and operational effectiveness of Splunk environments
  • Perform detailed technical validation of existing artifacts, including architecture diagrams, data flow models, ingestion pipelines, and operational runbooks
  • Assess security control effectiveness, identify architectural and operational gaps, and define actionable, risk-aligned remediation strategies
  • Own the creation of architect-level deliverables, ensuring alignment with enterprise standards, governance frameworks, and long-term maintainability
  • Partner with Security Assurance and Governance teams to define and integrate operational and technical requirements into ongoing and future initiatives
  • Drive and enforce Common Information Model (CIM) compliance, ensuring data onboarding aligns with Splunk Enterprise Security requirements and detection frameworks

SIEM Assessment – Functional Responsibilities

Execute structured SIEM assessments across the following domains:

System Architecture & Platform Engineering

  • Evaluate Splunk topology (forwarders, indexers, search heads, clustered deployments) with focus on high availability, fault tolerance, and horizontal scalability
  • Assess performance tuning, indexing throughput, search optimization, and data retention strategies
  • Validate platform health monitoring, observability, and integration with external systems (e.g., ITSM / ServiceNow Security Incident Response)

Data Engineering & Management

  • Analyze data onboarding lifecycle, including prioritization, ingestion pipelines, parsing, normalization, and enrichment
  • Evaluate data quality, timestamp accuracy, event breaking, and CIM alignment
  • Assess license consumption patterns, filtering strategies, and ingestion optimization frameworks

Detection Engineering & Use Case Development

  • Evaluate use case intake, prioritization, and lifecycle management
  • Review detection engineering practices, including correlation searches, detection-as-code models, and ES content alignment
  • Assess coverage maturity against business risks and threat scenarios

Governance & Operating Model

  • Evaluate SIEM governance frameworks, policies, standards, and compliance alignment
  • Assess operating models, RACI structures, stakeholder engagement mechanisms, and training enablement programs
  • Review effectiveness of working groups, review boards, and continuous improvement processes

Required Skills – Mandatory (Strict Selection Criteria)

  • Mandatory Certification: Active Splunk Enterprise Certified Architect (Administrator certification alone is insufficient for this role)
  • Experience:
    • 10+ years overall experience in Security / SIEM / Observability
    • Minimum 5+ years of hands-on experience with Splunk Enterprise Security (ES) in large-scale enterprise environments
  • Proven experience in leading SIEM assessments, transformation programs, and architectural reviews leveraging Splunk platforms
  • Deep expertise in Splunk architecture design, including:
    • Indexer clustering, search head clustering, deployment strategies
    • High availability design, disaster recovery, and capacity planning
    • Performance tuning and large-scale data handling
  • Advanced hands-on expertise in data onboarding and ingestion engineering, including:
    • Complex parsing and transformation (props.conf / transforms.conf)
    • Data routing, filtering, enrichment, and pipeline optimization
    • Implementation and validation of CIM-compliant data models
  • Demonstrated ability to design and build complex, customer-specific Splunk applications, aligned to real-world use cases (e.g., SOC operations, fraud analytics, operational intelligence), beyond basic dashboards and reporting
  • Strong capability in independent troubleshooting of Splunk infrastructure, including:
    • Ingestion delays, parsing issues, cluster inconsistencies, search performance bottlenecks
    • Root cause analysis using internal logs and metrics
    • Ability to resolve issues without heavy reliance on vendor support
  • Proven track record in delivering Architect-level outputs, including:
    • High-Level Design (HLD) and Low-Level Design (LLD)
    • Detailed architecture and data flow diagrams
    • SIEM assessment reports and maturity models
    • Data onboarding standards, governance frameworks, and optimization strategies
    • Remediation roadmaps and performance improvement plans
  • Strong understanding and applied expertise of Replication Factor and Search Factor, with hands-on experience in clustered environments
  • Excellent stakeholder management, communication, and leadership skills, with the ability to:
    • Lead cross-functional teams and advisory engagements
    • Engage with senior stakeholders (CISO, EA, Security Leads)
    • Drive technical decision-making and governance alignment

Workplace type

Hybrid Working

About NTT DATA
NTT DATA is a $30+ billion business and technology services leader, serving 75% of the Fortune

Global 100. We are committed to accelerating client success and positively impacting society through

responsible innovation. We are one of the world’s leading AI and digital infrastructure providers, with

unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and

application services. Our consulting and industry solutions help organizations and society move

confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more

than 70 countries. We also offer clients access to a robust ecosystem of innovation centers as well as

established and start-up partners. NTT DATA is part of NTT Group, which invests over $3 billion each

year in R&D.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters

NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters whether in writing or by phone in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an @nttdata.com email address. If you suspect any fraudulent activity, please contact us

Company

About Company

Industry
Unknown
Company Size
Unknown
Headquarters
Unknown
Year Founded
Unknown
Website
Unknown
Social Media
Unknown