Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum
5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary:
As a Security Architect, a typical day involves designing and establishing a comprehensive cloud security framework that aligns with organizational objectives and performance standards. This role includes creating detailed documentation for the deployment of cloud security controls and overseeing the smooth transition of these controls into managed cloud security operations. The position requires continuous collaboration with various teams to ensure that the security architecture supports business needs while maintaining operational efficiency and resilience in a cloud environment.
Roles & Responsibilities:
- Develop and maintain incident response plans, playbooks, escalation paths, and communication templates.
- Work with internal and external resources to ensure proper logging, alerting, forensic collection, and response capabilities are in place.
- Participate in tabletop exercises, purple team activities, incident simulations, and lessons-learned reviews.
- Help define severity classifications, response SLAs, escalation criteria, and evidence-handling procedures.
- Maintain readiness for common incident types, including phishing, business email compromise, malware, ransomware, credential compromise, insider threat, data exposure, cloud compromise, and unauthorized access.
- Lead technical investigations into suspected or confirmed security alerts and incidents.
- Correlate activity across endpoint, identity, cloud, network, email, and application logs.
- Perform timeline analysis, scope assessment, root-cause analysis, and impact determination.
- Identify indicators of compromise, attacker tactics, persistence mechanisms, lateral movement, privilege escalation, and data access patterns.
- Use threat intelligence and MITRE ATT&CK mapping to contextualize attacker behavior.
- Determine whether an alert represents benign activity, policy violation, misconfiguration, attempted compromise, or confirmed compromise
- Coordinate and perform where appropriate containment actions such as host isolation, account disablement, token revocation, firewall blocks, email quarantine, access removal, and cloud control changes.
- Work with system owners and IT teams to remove persistence, remediate exploited weaknesses, and restore secure operations.
- Validate that threats have been removed and that recovery actions are complete.
- Support evidence preservation and chain-of-custody practices when required.
- Communicate technical findings clearly to both security and non-security stakeholders.
- Lead or contribute to post-incident reviews.
- Document root cause, timeline, business impact, control gaps, and corrective actions.
- Translate incident findings into improved detections, playbooks, automation, hardening guidance, and training.
- Track remediation items through completion.
- Identify recurring patterns and recommend strategic improvements to prevent similar incidents.
- Build, test, tune, and maintain detections across SIEM, EDR, cloud, identity, SaaS, and network platforms.
- Develop detection logic using query languages such as KQL, SPL, SQL, Sigma, YARA, or platform-specific equivalents.
- Create detections mapped to threat behaviors, attack chains, and MITRE ATT&CK techniques.
- Conduct proactive threat hunting based on emerging threats, abnormal behavior, attacker tradecraft, and internal risk signals.
- Validate detections through testing, simulation, purple team exercises, or historical incident data.
- Document detection purpose, logic, assumptions, known limitations, triage guidance, and response steps.
- Partner with engineering and infrastructure teams to improve telemetry collection and logging standards.
Professional & Technical Skills:
- Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).
- Strong expertise in cloud security frameworks and architecture design.
- Experience in documenting and implementing cloud security controls and policies.
- Ability to analyze security risks and develop mitigation strategies within cloud environments.
- Familiarity with security monitoring, incident response, and threat detection techniques.
- Skilled in collaborating with cross-functional teams to integrate security solutions effectively.
Additional Information:
- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Gurugram office.
- A 15 years full time education is required.
15 years full time education
About Accenture
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 791,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. Our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities.
Visit us at www.accenture.com
Equal Employment Opportunity Statement
We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, military veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by applicable law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.