Experience: 0 to 3 years
Location: Mumbai, Maharashtra, India
The Appliance Integration Consultant is responsible for analyzing, designing, and structuring log flow architecture to onboard customer environments onto ControlCase’s SIEM / XDR and Vulnerability Management cloud platform, while collecting the evidence required to support customer certification efforts.
This is a hands-on, customer-facing technical role requiring strong knowledge of systems, networking, and cloud infrastructure, along with the ability to communicate clearly and confidently with customers while integrating a wide range of asset types, including:
- Network devices including firewalls, routers, switches, hypervisors, and other security appliances.
- Windows and Linux servers across all major distributions.
- Active Directory, LDAP, and DNS servers.
- macOS systems (basic administration).
- Applications and databases hosted on-premises or in the cloud.
- APIs, agents, tokens, and web services.
- Cloud platforms including AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and DigitalOcean (basic).
Key Responsibilities
Customer Onboarding & Platform Integration
- Lead end-to-end onboarding of customer environments onto the SIEM, XDR, and Vulnerability Management cloud platform, including planning, scoping, and execution.
- Configure and troubleshoot agents, APIs, tokens, web services, log forwarders, and other platform components across diverse customer environments.
- Design and implement log flow architecture to ensure reliable and complete data ingestion.
- Analyze customer network topology and asset inventory to determine the most effective integration strategy.
Solution Administration & Optimization
- Manage platform user accounts by creating, modifying, and deactivating access according to customer and internal policies.
- Create and maintain customer-specific watchlists and data sources to support threat detection.
- Manage major platform changes within customer environments, ensuring proper testing, documentation, and deployment.
- Validate log sources, optimize platform performance, and generate reports on integration health and data coverage.
- Evaluate and integrate new technologies and products as they become available.
Compliance, Evidence & Audit Support
- Deploy and maintain audit rules and log retention policies that align with compliance requirements including PCI DSS, ISO 27001, SOC 2, NIST, and GDPR.
- Collect, organize, and submit audit evidence required for customer certification engagements.
- Map customer security and compliance requirements to appropriate SIEM and XDR configurations.
Documentation, Process & Automation
- Create documentation, runbooks, and workflow diagrams to standardize onboarding and operational procedures.
- Develop and maintain log parsers using parsing rules, filters, and regular expressions.
- Identify automation opportunities that improve deployment efficiency and reduce operational effort.
Customer & Cross-Functional Collaboration
- Serve as the primary technical contact for assigned customers and maintain strong working relationships.
- Troubleshoot technical issues by identifying root causes, implementing solutions, and providing preventive recommendations.
- Collaborate with SOC analysts, engineers, and data science teams to improve monitoring and detection capabilities.
- Train and mentor engineers and customers on platform functionality and best practices.
- Coordinate product enhancements and feature requests with technology vendors.
Professional Development
- Stay current with evolving cybersecurity threats, detection methodologies, MITRE ATT&CK, and the Cyber Kill Chain.
- Participate in vendor training, technical meetings, and industry conferences to maintain technical expertise.
Required Qualifications
Bachelor’s degree or diploma in Information Technology, Computer Applications, Engineering, or a related field.
Required Experience
- Minimum 2 years of experience in systems administration, network administration, or technical support.
- Minimum 2 years of experience in managed services, information security, or a Security Operations Center (SOC) environment.
- Minimum 2 years of experience working directly with customers or clients.
Technical Skills
- Working knowledge of SIEM and XDR platforms such as Rapid7, LogRhythm, IBM QRadar, or similar technologies.
- Intermediate proficiency with Windows and Linux operating systems across major distributions, with basic familiarity with macOS.
- Strong understanding of network architecture across on-premises, data center, and cloud environments including AWS, Azure, Google Cloud Platform, and Oracle Cloud.
- Knowledge of log forwarding, parsing rules, regular expressions, and basic scripting.
- Experience with network traffic analysis tools such as tcpdump, Wireshark, Ngrep, or similar.
- Understanding of security and compliance frameworks including PCI DSS, NIST, SOC 2, GDPR, and ISO 27001.
Core Competencies
- Excellent written, verbal, and interpersonal communication skills with the ability to explain technical concepts to non-technical audiences.
- Strong analytical thinking and structured problem-solving abilities.
- Ability to manage multiple customer environments and competing priorities.
- Self-motivated with a continuous improvement mindset.
Preferred Qualifications
- Experience with infrastructure automation tools such as Ansible, Chef, or Terraform.
- Knowledge of the MITRE ATT&CK framework and Cyber Kill Chain methodology.
- Experience supporting compliance audits for PCI DSS, ISO 27001, or SOC 2.
- Experience mentoring junior engineers or delivering technical training to customers.
Work Environment
This is a customer-facing technical consulting role that may require flexibility across global time zones to support international customer environments. This position focuses on technical implementation and integration and is not a customer support role.
