Senior Analyst - SCRAT

About the Role

Position Title: SCRAT Engineer

Corporate Title: Senior Analyst

Reporting to: Director

Location: Bengaluru

Shift Timing: 1:00PM - 10:00 PM IST (Need to be flexible)

Job Profile:

Roles and Responsibilities:

• Operate under the SOC function, reporting to the SOC Manager, with responsibility for developing and fine-tuning detection logic and correlation rules in Splunk SIEM and other detection platforms (e.g., Splunk ES, UBA, SOAR)
• Collaborate actively with the Global Security Content and Response Automation Team (SCRAT) to enhance detection logic and response automation
• Participate in daily SOC stand-up calls and provide support for complex query development and troubleshooting
• Oversee the quality and effectiveness of detection logic, continuously reducing false positives and improving alert fidelity through iterative tuning and feedback
• Work closely with SOC Engineering to ensure necessary telemetry and event sources are available for effective threat detection
• Stay up to date with emerging threats and attacker techniques, translating threat intelligence into actionable detection content
• Maintain comprehensive documentation for detection logic, including rule rationale, expected behavior, and tuning history.
• Perform threat coverage gap analysis and mapping using frameworks such as MITRE ATT&CK
• Support threat hunting initiatives by developing custom queries, dashboards, and analytics
• Mentor junior Splunk administrators on data ingestion, parsing, indexing, and troubleshooting
• Participate in red/blue/purple team exercises to validate and improve detection effectiveness.
• Assist in the development of detection-related KPIs and metrics for SOC performance reporting.

Job Requirements:

• 35 years of experience in SOC, threat detection, or security engineering roles
• Advanced proficiency in analyzing security events across both Linux and Windows environments, including log source normalization and enrichment
• Strong command of SIEM query languages (e.g., Splunk SPL , KQL, CrowdStrike Query Language), with the ability to write complex queries for threat detection, hunting, and anomaly identification
• Proficiency in scripting languages such as Python and PowerShell, with experience automating detection logic and integrating with orchestration workflows
• Demonstrated expertise in building and maintaining detection content, including correlation searches and risk-based alerting
• Deep understanding of the MITRE ATT&CK framework and the ability to accurately map detection logic to specific TTPs
• Hands-on experience with the Splunk ecosystem, including Enterprise Security (ES), User Behaviour Analytics (UBA), SOAR, and apps like TrackMe
• Strong foundational knowledge of cybersecurity principles, threat landscapes, and incident response methodologies
• Excellent communication and collaboration skills, with the ability to work effectively across SOC, IR, and global engineering teams
• Strong analytical and problem-solving abilities
• Splunk certifications (e.g., Admin, Architect) are a plus

Equal Opportunity Employer:

The MUFG Group is committed to providing equal employment opportunities to all applicants and employees and does not discriminate on the basis of race, colour, national origin, physical appearance, religion, gender expression, gender identity, sex, age, ancestry, marital status, disability, medical condition, sexual orientation, genetic information, or any other protected status of an individual or that individual's associates or relatives, or any other classification protected by the applicable laws.