Engineer, TSG Information Security, Cyber Operations

Company Profile 

Bain & Company is the management consulting firm that the world’s business leaders come to when they want results. Bain advises clients on strategy, operations, information technology, organization, private equity, digital transformation and strategy, and mergers and acquisition, developing practical insights that clients act on and transferring skills that make change stick. The firm aligns its incentives with clients by linking its fees to their results. Bain clients have outperformed the stock market 4 to 1. Founded in 1973, Bain has offices in various countries, and its deep expertise and client roster cross every industry and economic sector.

The firm established several functions in the Indian market early 2000s and its remit across functions has expanded over time. Since 2019, these functions have become part of Global Business Services (GBS). Global Business Services (GBS) is a network of five interconnected business-function hubs across India, Poland, Malaysia, Mexico and Portugal, serving Bain globally to run our business, support other functions, and help drive innovation internally. We are over 1000 business professionals – serving functions in operations, HR, finance, legal, tech, marketing, research, and data analytics – who support our offices globally.  Our mantra of “shared innovation, seamless execution,” underpinned by a passion for results, teamwork, and creativity, helps Bain stay at the top of our game operationally.

Job Summary

The Engineer within the Bain's Cyber Security Department is responsible for leveraging their broad knowledge and expertise in security toolsets to develop and deliver solutions in the pursuit of business objectives. The Engineer will support the development, implementation, improvement, and innovation of security related tools and ensure best practices are followed. The Engineer will demonstrate strong communication skills, both internally and externally, maintain high standards of analytical thoroughness and quality of work, take ownership of workstream with minimal oversight, and prioritize efforts appropriately.

The SIEM Engineer is responsible for architecting, engineering, optimizing, and maintaining enterprise SIEM and SOAR platforms with primary focus on Palo Alto Cortex XSIAM, XSOAR, and XDR.

This role ensures that security monitoring, detection engineering, and automated response capabilities effectively protect enterprise assets while aligning with business objectives.

The Engineer will evaluate and implement emerging technologies, continuously improve detection maturity, automate incident response workflows, and support SOC operations. This role requires deep hands-on engineering expertise, strategic thinking, strong collaboration skills, and the ability to operate with limited oversight.

Primary platform ownership: Palo Alto (XSIAM, XSOAR, Cortex XDR)

Secondary platforms: Microsoft Sentinel, Google SecOps (Chronicle)

Principal Accountabilities and % of time

Systems and Security Technologies Operations and Maintenance (80%)

• Operational expertise in core business and security technologies 
• Work with senior TSG staff to support technology evaluation and implementations
• Coordinate and execute development, testing, and implementation of security methods and control techniques to protect users and data
• Identify and communicate opportunities and implementation plans for improving existing capabilities
• Maintain operational integrity of Systems under their responsibility and update software and configurations to keep them current and secure, escalating issues as appropriate
• Provide analysis of risk and threats, suggesting potential remediations

Platform Architecture & Engineering

• Design, implement, and maintain enterprise SIEM architecture using Palo Alto XSIAM
• Develop and optimize detection rules aligned with MITRE ATT&CK framework
• Engineer and maintain SOAR playbooks in XSOAR
• Integrate and operationalize telemetry from Cortex XDR, firewalls, IAM systems, SaaS platforms, cloud services, and endpoint security tools
• Manage log ingestion pipelines, parsing, normalization (CEF, JSON, Syslog), and enrichment
• Support integration and interoperability with Microsoft Sentinel and Google SecOps

Detection & Response Engineering

• Develop advanced detection use cases for insider threats, ransomware, lateral movement, privilege abuse, cloud compromise, and emerging attack patterns
• Tune detection logic to reduce false positives and improve signal-to-noise ratio
• Conduct detection gap analysis and continuously expand coverage
• Automate containment and remediation actions using XSOAR playbooks
• Integrate threat intelligence feeds and custom indicators
• Improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)

Communications, Leadership, and Teaming  (20%)

• Gather and incorporate understanding of business relevant factors impacted by security implementations
• Advocate for security throughout the organization as a part of any interaction
• Draft communications as appropriate for review
• Timely, accurate, efficient, reliable communications to other members of the security team
• Engage in continuous learning and professional development to maintain awareness of changing risks and new capabilities
• Provide support and coverage during peak times or staff absence

Knowledge, Skills, and Abilities

• Advanced understanding of IT security principles, concepts, and best practices with the ability to provide expert guidance to junior team members
• Demonstrated expertise in conducting threat modelling
• Proven ability to analyze and recommend solutions for highly intricate security issues, including identifying and mitigating advanced security risks and vulnerabilities
• In-depth proficiency with a wide range of security tools, including advanced firewalls, intrusion detection systems, antivirus software, and encryption technologies
• Extensive knowledge of network protocols, operating systems, and applications commonly used in enterprise environments, with the ability to advise on security-related configuration and deployment best practices
• Thorough understanding of relevant industry standards and regulations, such as ISO 27001, GDPR, NIST and the ability to ensure compliance and support audits and assessments
• Exceptional written and verbal communication skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders, including executive management

Experience

• Education - Associate's/Bachelor’s degree or an equivalent combination of education, training and experience.
• Recommended Years of Relevant Experience - 2-4+
• Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.)
• Experience with Cloud deployments and relevant security controls
• Experience securely deploying systems or applications 
• Experience with automation of Information Security controls
• Experience with Identity and directory technologies such as Active Directory, Okta, MFA, PKI, Conditional Access
• Experience implementing security monitoring solutions and providing support to security operations and Governance/Risk teams
• Familiarity with security threats and vulnerabilities, and common mitigation strategies
• Deep expertise in:Palo Alto XSIAM,Palo Alto XSOAR,Cortex XDR
• Strong knowledge of:Log aggregation and normalization,Syslog, JSON, CEF formats, REST APIs and integrations
• Design and implement Cortex XSIAM AI-driven detection models
• Leverage Cortex Agentic AI capabilities for autonomous investigation workflows
• Develop advanced detections using Kusto Query Language (KQL)
• AI-assisted detection engineering
• Autonomous response engineering
• Cross-platform orchestration

What Makes Us a Best Place to Work

We are proud to be consistently recognized as one of the world’s best places to work. We are currently the top ranked consulting firm on Glassdoor’s Best Places to Work list and have earned the #1 overall spot a record seven times.
 Extraordinary teams are at the heart of our business strategy, but these don’t happen by chance. They require intentional focus on bringing together a broad set of backgrounds, cultures, experiences, perspectives, and skills in a supportive and inclusive work environment. We hire people with exceptional talent and create an environment in which every individual can thrive professionally and personally.