Bain & Company

Engineer, TSG Information Security, Cyber Operations

Bain & Company · Gurugram, Haryana, India


  • On site
  • Full-time
  • $150,000 / year
  • Gurugram, Haryana, India

Job highlights

  • Engineer security solutions using SIEM/SOAR platforms.
  • Focus on Palo Alto XSIAM, XSOAR, and XDR.
  • Develop advanced threat detection and automated response.
  • Architect, engineer, and maintain security platforms.
  • Collaborate on security strategy and operations.

About the role

About Bain & Company

Bain & Company is a global management consulting firm renowned for its practical insights and results-driven approach. With a history dating back to 1973, Bain advises clients on strategy, operations, technology, and more, aligning its success with client outcomes. The firm has a significant global presence, including established functions in India that have evolved into the Global Business Services (GBS) network. GBS comprises over 1000 professionals across multiple international hubs, supporting Bain globally in areas like operations, HR, finance, legal, tech, marketing, and data analytics. Our guiding principle is "shared innovation, seamless execution," fostering a culture of results, teamwork, and creativity to maintain operational excellence.

Job Summary

The Information Security Engineer, Cyber Operations within Bain's Cyber Security Department is tasked with developing and implementing security solutions that support business objectives. This role involves the development, implementation, improvement, and innovation of security tools, ensuring adherence to best practices. The Engineer will possess strong communication skills, demonstrate analytical rigor, take ownership of tasks with minimal supervision, and effectively prioritize their work.

Specifically, the SIEM Engineer will architect, engineer, optimize, and maintain enterprise SIEM and SOAR platforms, with a primary focus on Palo Alto Cortex XSIAM, XSOAR, and XDR. This position is crucial for ensuring that security monitoring, detection engineering, and automated response capabilities effectively protect enterprise assets and align with business goals. The Engineer will explore and implement new technologies, enhance detection maturity, automate incident response, and support SOC operations. This role demands deep technical expertise, strategic foresight, excellent collaboration, and the ability to work autonomously.

Primary platform ownership: Palo Alto (XSIAM, XSOAR, Cortex XDR)
Secondary platforms: Microsoft Sentinel, Google SecOps (Chronicle)

Principal Accountabilities and % of time

Systems and Security Technologies Operations and Maintenance (80%)
  • Demonstrate operational expertise in core business and security technologies.
  • Collaborate with senior TSG staff on technology evaluation and implementation.
  • Execute the development, testing, and implementation of security methods and control techniques to safeguard users and data.
  • Identify and communicate opportunities for enhancing existing capabilities and develop implementation plans.
  • Maintain the operational integrity of assigned systems, ensuring software and configurations are up-to-date and secure, escalating issues as needed.
  • Analyze risks and threats, proposing potential remediation strategies.
Platform Architecture & Engineering
  • Design, implement, and maintain enterprise SIEM architecture utilizing Palo Alto XSIAM.
  • Develop and optimize detection rules aligned with the MITRE ATT&CK framework.
  • Engineer and maintain SOAR playbooks within XSOAR.
  • Integrate and operationalize telemetry from Cortex XDR, firewalls, IAM systems, SaaS platforms, cloud services, and endpoint security tools.
  • Manage log ingestion pipelines, including parsing, normalization (CEF, JSON, Syslog), and enrichment.
  • Support integration and interoperability with Microsoft Sentinel and Google SecOps.
Detection & Response Engineering
  • Develop advanced detection use cases for threats such as insider threats, ransomware, lateral movement, privilege abuse, cloud compromise, and emerging attack patterns.
  • Tune detection logic to minimize false positives and enhance signal-to-noise ratio.
  • Conduct detection gap analyses and continuously expand security coverage.
  • Automate containment and remediation actions using XSOAR playbooks.
  • Integrate threat intelligence feeds and custom indicators.
  • Improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

Communications, Leadership, and Teaming (20%)

  • Understand and incorporate business-relevant factors impacted by security implementations.
  • Champion security throughout the organization in all interactions.
  • Draft communications for review as appropriate.
  • Maintain timely, accurate, and reliable communication with other security team members.
  • Engage in continuous learning and professional development to stay abreast of evolving risks and new capabilities.
  • Provide support and coverage during peak demand or staff absences.

Knowledge, Skills, and Abilities

  • Advanced understanding of IT security principles, concepts, and best practices, with the ability to provide expert guidance.
  • Demonstrated expertise in threat modeling.
  • Proven ability to analyze and recommend solutions for complex security issues, including mitigating advanced risks and vulnerabilities.
  • In-depth proficiency with a wide range of security tools (e.g., advanced firewalls, IDS/IPS, SIEM, EDR, CASB, AV, DLP).
  • Extensive knowledge of network protocols, operating systems, and enterprise applications, advising on secure configurations.
  • Thorough understanding of industry standards and regulations (e.g., ISO 27001, GDPR, NIST) and ability to ensure compliance and support audits.
  • Exceptional written and verbal communication skills, capable of explaining complex security concepts to diverse audiences, including executives.

Experience

  • Associate's/Bachelor's degree or equivalent combination of education, training, and experience.
  • Recommended Years of Relevant Experience: 2-4+ years.
  • Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.).
  • Experience with Cloud deployments and relevant security controls.
  • Experience securely deploying systems or applications.
  • Experience with automation of Information Security controls.
  • Experience with Identity and directory technologies (e.g., Active Directory, Okta, MFA, PKI, Conditional Access).
  • Experience implementing security monitoring solutions and supporting security operations and GRC teams.
  • Familiarity with security threats, vulnerabilities, and common mitigation strategies.
  • Deep expertise in: Palo Alto XSIAM, Palo Alto XSOAR, Cortex XDR.
  • Strong knowledge of: Log aggregation and normalization, Syslog, JSON, CEF formats, REST APIs and integrations.
  • Experience designing and implementing Cortex XSIAM AI-driven detection models.
  • Experience leveraging Cortex Agentic AI capabilities for autonomous investigation workflows.
  • Experience developing advanced detections using Kusto Query Language (KQL).
  • Experience with AI-assisted detection engineering, autonomous response engineering, and cross-platform orchestration.

What Makes Us a Best Place to Work

Bain & Company is consistently recognized as a world-class employer, holding the top spot on Glassdoor’s Best Places to Work list and achieving #1 overall seven times. Our success is built on extraordinary teams, fostered through intentional efforts to create a diverse, inclusive, and supportive work environment. We seek individuals with exceptional talent and cultivate an atmosphere where every employee can thrive professionally and personally.

Skills & topics

  • Information Security Engineer
  • Cyber Operations
  • SIEM
  • SOAR
  • Palo Alto XSIAM
  • Palo Alto XSOAR
  • Cortex XDR
  • Detection Engineering
  • Incident Response
  • Security Architecture
  • Cloud Security
  • Threat Modeling
  • KQL
  • Automation
  • Cyber Security

How to get hired

  • Tailor your resume: Highlight experience with Palo Alto XSIAM, XSOAR, Cortex XDR, SIEM, SOAR, and cloud security. Quantify achievements in threat detection and response.
  • Craft a compelling cover letter: Express your passion for cyber operations and how your skills align with Bain's mission. Mention your understanding of their security challenges.
  • Prepare for technical interviews: Be ready to discuss threat modeling, SIEM/SOAR architecture, detection engineering using KQL, and automation strategies.
  • Showcase collaboration skills: Emphasize your ability to work with cross-functional teams and communicate complex security concepts effectively.
  • Research Bain's values: Understand their commitment to "shared innovation, seamless execution" and how you contribute to this ethos.

Technical preparation

  • Master Palo Alto XSIAM, XSOAR, and Cortex XDR.
  • Practice KQL for advanced detection engineering.
  • Build SIEM/SOAR architecture and automation.
  • Understand cloud security controls and IAM.

Behavioral questions

  • Describe a complex security issue you solved.
  • How do you handle conflicting priorities?
  • Explain a security concept to a non-technical person.
  • How do you stay updated on cyber threats?

Frequently asked questions

What specific Palo Alto products are essential for the Information Security Engineer role at Bain & Company?
The Information Security Engineer role at Bain & Company requires deep expertise in Palo Alto XSIAM, Palo Alto XSOAR, and Cortex XDR. Strong knowledge of log aggregation and normalization formats like Syslog, JSON, and CEF, as well as REST APIs, is also crucial for successful integration and operation.

How important is experience with cloud security in this cyber operations role at Bain?
Experience with cloud deployments and relevant security controls is highly valued for this cyber operations role at Bain. The ability to securely deploy systems or applications and implement security monitoring solutions within cloud environments is a key requirement.

What level of experience does Bain & Company seek for their Information Security Engineer, Cyber Operations position?
Bain & Company typically seeks 2-4+ years of relevant experience for this Information Security Engineer position. This includes hands-on experience with various information security technologies like firewalls, SIEM, EDR, and automation of security controls.

How does Bain & Company foster professional development for its cyber security team?
Bain & Company encourages continuous learning and professional development for its cyber security team. This includes staying aware of changing risks and new capabilities, and engaging in activities that enhance awareness of evolving threats and technologies.

What are the primary responsibilities of the SIEM Engineer at Bain & Company?
The SIEM Engineer at Bain & Company is responsible for architecting, engineering, optimizing, and maintaining enterprise SIEM and SOAR platforms, focusing on Palo Alto Cortex XSIAM, XSOAR, and XDR. This involves developing detection rules, automating response workflows, and supporting SOC operations.

Can candidates with backgrounds in Microsoft Sentinel or Google SecOps apply for this role at Bain?
Yes, while the primary focus is on Palo Alto platforms, experience with secondary platforms like Microsoft Sentinel and Google SecOps (Chronicle) is valuable for this role at Bain. The ability to support their integration and interoperability is part of the job.

What does Bain & Company look for in terms of communication skills for this Information Security Engineer role?
Bain & Company seeks exceptional written and verbal communication skills. Candidates must effectively communicate complex security concepts to both technical and non-technical stakeholders, including executive management, and advocate for security throughout the organization.