Cybersecurity consultant

We are looking for highly skilled cybersecurity consultants with extensive hands-on experience in SOC design, SIEM engineering, Incident Response, Threat Detection, and building cybersecurity maturity. Consultants should be proficient in building SOCs from scratch, developing SIEM use-cases, MITRE mapping, IR playbooks, and defining cybersecurity strategy.

Key Responsibilities:

  • Lead technical cybersecurity discussions with IT, vendors, and stakeholders.
  • Ensure alignment with regulatory requirements and security best practices.
  • Enhance and maintain SIEM/SOC operations, including rule tuning, process development, and SOC setup (if needed).

Required Expertise:

  • Strong hands-on experience in SIEM/SOC design and operations
  • Cybersecurity governance and risk management
  • Security architecture reviews
  • Ability to engage effectively with IT/Security teams
  • Experience in banking, finance, telco, or enterprise environments
  • 15–20 years of practical cybersecurity experience

1. Cybersecurity Architecture Assessment & Strategy

  • Lead a full end-to-end evaluation of the organization’s existing SIEM architecture, SOC operations, and IR capabilities.
  • Assess effectiveness across people, processes, and technology, identifying strengths, gaps, and opportunities for enhancement.
  • Benchmark current cybersecurity maturity against industry standards (e.g., NIST CSF, ISO 27001, MITRE ATT&CK).
  • Develop a prioritized roadmap for SIEM/SOC/IR optimization and modernization.

2. SIEM Optimization & Enhancement

  • Redesign SIEM architecture and data ingestion strategy to improve visibility, performance, and event fidelity.
  • Enhance log parsing, normalization, enrichment, and ingestion from critical sources (cloud, endpoints, identity, OT/ICS, network, and security tools).
  • Refine correlation logic, detection use cases, and alert tuning methodologies to reduce false positives and increase detection accuracy.
  • Implement advanced detection techniques mapped to MITRE ATT&CK, including custom rules, dashboards, and analytics.
  • Establish SIEM governance processes, rule-tuning standards, and performance optimization practices.

3. SOC Maturity Improvement & Operational Excellence

  • Conduct a deep review of SOC workflows, tiered responsibilities, shift coverage, and tooling integration.
  • Redesign triage and escalation workflows to improve response efficiency and adherence to SLAs.
  • Enhance tool interoperability (SIEM, SOAR, ticketing, TIP, EDR) to streamline end-to-end detection and response.
  • Develop or refine IR playbooks for priority incident types (phishing, malware, insider threat, cloud compromise, etc.).
  • Lead SOC modernization initiatives including automation, orchestration, and analyst enablement.

4. Incident Response Uplift

  • Evaluate and enhance incident response strategies, containment approaches, escalation paths, and communication flows.
  • Conduct tabletop exercises, technical simulations, and scenario-based training to improve analyst readiness.
  • Improve coordination across IT, security, compliance, and risk teams during incident handling.
  • Advise leadership on best practices, emerging threats, and enterprise IR preparedness.

5. Implementation Leadership & Delivery

  • Drive the successful implementation of all improvements identified during the assessment phase.
  • Manage cross-functional workstreams, ensuring timely delivery of SIEM/SOC enhancements.
  • Ensure all changes align with cybersecurity best practices, compliance requirements, and business objectives.
  • Track progress using KPIs such as MTTD, MTTR, correlation accuracy, false-positive rates, and detection coverage.

© 2025 Qureos. All rights reserved.