Job Description

Company Summary

First American (India) is a GCC (Global Capability Center) of the First American Financial Corporation (NYSE: FAF) family of companies. FAI is a proud member of the FORTUNE 500 and has been on the Fortune 100 Best Companies to Work For® list for eight consecutive years. First American Financial Corporation provides comprehensive title insurance, closing/settlement, property data and technology solutions. First American (India) creates quality solutions for its customers by combining software, back office, and knowledge processing operations to fulfill First American's business requirements. Our priorities are our employees, customers, and shareholders - in that order. First American (India) has been ranked amongst India's Best Companies To Work For™ 2023: listed amongst the Top 100 by Great Place To Work® India, FAI is also certified Best Workplaces for Women and Workplace with Inclusive Practices. Software Services helps build First American's product suite, which encompasses best-in-class Title Insurance, Settlement and Mortgage solutions platforms, and leverages a technology product stack, predominantly on the Microsoft platform, to develop, enhance and maintain best-in-class applications. The R&D division delivers solutions for the title insurance industry leveraging the best of NLP, AI and ML.

Job Summary

This senior technical role is responsible for supporting, maturing, and expanding our Security Operations Center (SOC) logging and monitoring functions. This is a collaborative role and requires an advanced interdisciplinary technical background with skillsets in systems and application administration, data engineering, security operations, and detection engineering.

What You’ll Do:

  • Design, implement, and maintain the SIEM infrastructure
  • Utilize your knowledge of cloud environments to implement and support multi-cloud infrastructure deployments
  • Utilize data management platform and other tools to enable efficient routing, parsing, and filtering of data
  • Apply data engineering concepts such as data warehousing, real-time data processing, and data normalization to enhance the overall data infrastructure
  • Leverage SIEM and data management platforms to collect, analyze, and correlate logs
  • Lead SIEM detection engineering function to develop and fine-tune correlation rules, alerts, and dashboards to detect and respond to threats
  • Contribute to the expansion of data engineering practices, leveraging advanced analytics and machine learning for proactive threat detection
  • Participate in the purple team life cycle, collaborating with offensive and defensive security team to continuously improve detection and response strategies
  • Identify and implement opportunities for automation to support operational excellence with the SIEM and data management tooling
  • Collaborate with cross-functional teams to identify and mitigate security risks and vulnerabilities
  • Perform regular audits of security configurations, policies, and procedures to ensure compliance with industry standards and regulations
  • Stay up to date on latest security trends, tools, and best practices to continually enhance our SIEM capabilities
  • Provide guidance and support to security engineers
  • May be required to perform duties outside of normal work hours based on business needs.
  • Lead onboarding of AWS, Azure, and GCP log sources into Splunk via Cribl.
  • Normalize and transform data so that it is CIM compliant for detection engineering use cases.
  • Build and optimize Cribl Stream pipelines, routes, and data flows for routing, filtering, enrichment, and cost optimization.
  • Troubleshoot ingestion and pipeline issues across Splunk, Cribl, and cloud environments.
  • Collaborate with the cloud, security, automation, and detection teams to ensure high-quality, usable data.

What You’ll Bring:

  • Extensive experience with SIEM, data management platforms, particularly Splunk and Cribl, including deployment, configuration, optimization, administration, and functional use of the tooling (e.g., integration of log sources into SIEM, searching cloud archives with Cribl, etc.)
  • Strong understanding of network protocols, firewalls, intrusion detection systems, endpoint security solutions, and major cloud environments such as Azure, AWS, and GCP
  • Demonstrated ability to deploy, configure, and secure infrastructure in Azure, AWS, and GCP
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation and task simplification, experience with AWS Lambda and Azure Functions is a plus
  • Strong understanding of security frameworks such as MITRE ATT&CK
  • Hands on experience developing, tuning, and deploying security detections in SIEM
  • Excellent analytical skills to identify, analyze, and resolve complex engineering issues
  • Knowledge of security frameworks and standards (e.g., COBIT, NIST SP 800-53, ISO 27001, SSAE 16, SOC 1, SOC 2, etc.)
  • Proficient in Microsoft Word, Excel, PowerPoint, Visio, with the ability to create clear and effective technical documentation and presentations
  • Strong verbal and written communication skills; strong presentation skills
  • Ability to manage multiple high-priority projects and tasks effectively, ensuring alignment with strategic security goals
  • Ability to work collaboratively in a team-oriented environment, leading by example and fostering a culture of collaboration and continuous improvement
  • Generally requires a bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent work experience
  • A minimum of 10 years information security experience, with a strong focus on SIEM, data management, and security operations
  • Relevant certifications such as Splunk Certified Power User/Admin, Cribl Certified Admin, Security+, CEH, OSCP, CISSP, etc.
  • Strong hands-on experience with Splunk / Splunk Cloud, data onboarding, Splunk Enterprise Security, and CIM
  • Deep expertise in Cribl Stream pipeline engineering
  • Proven experience integrating AWS, Azure, and GCP security and audit logs
  • Strong troubleshooting, automation and scripting skills.
  • Ability to lead complex ingestion projects independently

FAI is committed to creating an environment that respects, supports and inspires all individuals. We do not discriminate on the basis of color, religion, sex, gender identity, sexual orientation or age. At FAI, we celebrate diversity and believe that an inclusive workforce benefits employees, the organization and our community. We are an Equal Opportunity Employer. For more information about our company and dedication to putting People First, check out
