Platform Administrator – NextGen SIEM (4-8 yrs)

ColorTokens


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Platform Administrator - NextGen SIEM
Location: Bangalore (on site)
Experience Level: 4 - 8 years

About ColorTokens

ColorTokens specializes in advanced security solutions designed to safeguard organizations' assets and critical systems from cyber threats. Our flagship product, the Xshield Enterprise Microsegmentation platform, empowers organizations to prevent initial compromises from escalating into damaging crises. By emphasizing proactive security measures, ColorTokens ensures comprehensive protection for critical workloads and data, enabling organizations to stay breach ready.

With a clientele spanning some of the world's largest organizations, including prominent cancer research centers, cities, and national defense departments, ColorTokens serves industries handling sensitive information and subject to stringent regulatory requirements.

ColorTokens' cloud-delivered platform streamlines onboarding efforts and reduces maintenance costs for organizations. Providing pervasive protection, the platform covers data center servers, legacy systems, cloud workloads, containers, and operational technology (OT) and Internet of Things (IoT) devices.

The company's recognition as a Strong Performer in the Forrester New Wave: Microsegmentation report solidifies ColorTokens' reputation as a trusted provider of microsegmentation solutions for organizations seeking to enhance their security posture.

Our Culture

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment, so you can own and drive initiatives autonomously.

Self-starters and highly motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of the world's impactful organizations, be it a children's hospital, a city, or the defense department of an entire country.

Position Overview:

ColorTokens is seeking a highly skilled and motivated Platform Administrator to manage, maintain, and optimize our NextGen Security Information and Event Management (SIEM) platform. The ideal candidate will oversee day-to-day operations, ensure seamless integration of customer log sources and security tools, and provide robust support to the security operations team. This role requires a strong technical background, hands-on experience with SIEM platforms, and a proactive approach to enhancing security posture.

Key Responsibilities:

SIEM Platform Administration

  • Deploy, configure, and maintain the NextGen SIEM platform (e.g. Stellar Cyber, Splunk, Sentinel, QRadar, Chronicle, Exabeam, etc.).
  • Perform regular updates, patches, and upgrades to ensure platform security and functionality.
  • Monitor platform health, performance, and availability, ensuring optimal uptime.

Log Source Management

  • Onboard new log sources, ensuring proper data ingestion and parsing from various environments (endpoints, servers, cloud platforms, applications).
  • Troubleshoot and resolve issues related to log ingestion, parsing, and formatting.
  • Maintain log retention policies in alignment with compliance requirements.

Rule and Use Case Management

  • Develop, deploy, and fine-tune detection rules, correlation use cases, and alerts.
  • Continuously update use cases based on emerging threats, business needs, or compliance mandates.
  • Collaborate with SMEs and SOC analysts to refine detection capabilities and reduce false positives.

Integration and Automation

  • Integrate the SIEM platform with other security tools (EDR, microsegmentation solution, vulnerability scanners, etc.).
  • Design and implement automation workflows for incident detection, investigation, and response.

Platform Security and Compliance

  • Enforce platform access control policies, ensuring role-based access and least-privilege principles.
  • Ensure the SIEM adheres to regulatory compliance standards (e.g. SOC 2, ISO 27001).
  • Conduct regular audits and ensure the platform is free of vulnerabilities.

Collaboration and Support

  • Work closely with SOC analysts, threat hunters, and engineers to align the SIEM capabilities with security goals.
  • Provide technical support to users of the SIEM platform.
  • Offer training and documentation for security teams on effective SIEM usage.
  • Be available round the clock in case of any incidents with the platform.

Performance Monitoring and Optimization

  • Monitor and optimize storage and indexing performance.
  • Proactively identify bottlenecks and improve platform scalability.
  • Generate reports on platform performance and alerting effectiveness.

Incident Support

  • Assist the SOC team with root cause analysis and advanced investigations.
  • Ensure forensic data is readily available during incident response.

Education and Certifications:

  • Bachelor's degree in Computer Science or Information Security.
  • Relevant certifications such as Splunk Certified Admin, Microsoft Certified: Security Operations Analyst Associate, QRadar Certification, or similar NextGen SIEM certifications are highly desirable, along with CISSP.

Relevant Experience:

  • 4-8 years of experience in managing SIEM platforms (traditional or NextGen).
  • Strong hands-on experience with at least one NextGen SIEM platform (e.g. Stellar Cyber, Splunk, Sentinel, Chronicle, Exabeam).
  • Experience with log management, rule creation, and data onboarding.
  • Familiarity with scripting languages (e.g. Python, PowerShell) for automation.

Technical Skills:

  • In-depth understanding of log formats, protocols (e.g. Syslog, JSON, XML), and data pipelines.
  • Proficiency in query languages (e.g. KQL, SPL, AQL).
  • Experience integrating SIEMs with security tools like EDR, SOAR, NDR, and threat intelligence platforms.
  • Knowledge of security frameworks such as MITRE ATT&CK, NIST, or CIS.

Soft Skills:

  • Strong analytical and troubleshooting skills.
  • Excellent verbal and written communication skills.
  • Ability to work collaboratively in a fast-paced environment.

Preferred Skills:

  • Familiarity with cloud-based security solutions (e.g. AWS, Azure, Google Cloud).
  • Experience in implementing machine learning or anomaly detection in SIEM use cases.
  • Exposure to SOAR tools (e.g. Palo Alto Cortex XSOAR, Splunk Phantom).

Key Metrics for Success:

  • Uptime and performance of the SIEM platform.
  • Number of new log sources and use cases onboarded.
  • Reduction in false positives and tuning of alerts.
  • Timely resolution of platform-related issues.
  • Alignment of the platform with business and security requirements.

Why Join Us

  • Work on a cutting-edge cybersecurity product in a fast-paced startup environment.
  • Collaborate with a world-class team of engineers and security experts.
  • Opportunity to learn, grow, and make a real impact from day one.


Key Skills

  • Hadoop
  • Microsoft Windows Server
  • Windows
  • Apache
  • Linux
  • SAN
  • Shell Scripting
  • System Administration
  • Administrative Experience
  • Scripting
  • Oracle
  • Troubleshooting