Project Role : Security Delivery Lead
Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets).
Must have skills : Security Information and Event Management (SIEM)
Good to have skills : NA
Minimum
7.5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary:
The SOC Purple Team Engineer acts as a bridge between offensive security (Red Team) and defensive security (Blue Team). The role focuses on validating, improving, and enhancing SOC detection and response capabilities by simulating attacker behaviors, collaborating with SOC analysts, and strengthening detection engineering. This position drives continuous improvement of the organization’s cyber defense posture through coordinated purple team exercises and detection tuning.
Roles & Responsibilities:
- Plan and execute purple team engagements combining offensive simulations with defensive monitoring.
- Collaborate with Red Team to emulate adversary TTPs aligned with MITRE ATT&CK.
- Work with SOC/Blue Team to validate detection logic, alerting accuracy, and response workflows.
- Document gaps found during purple tests and drive remediation and tuning activities.
- Facilitate training sessions to enhance team skills and knowledge.
- Monitor project progress and implement corrective actions as necessary.
- Perform controlled simulations of attacker behaviors such as:Initial access, Privilege escalation, Lateral movement, CW/C2 communication, Persistence mechanisms, Data exfiltration techniques
- Validate SOC visibility and ensure telemetry coverage across endpoints, network, cloud, and identity.
- Identify detection gaps and propose enhancements to SIEM and EDR detection logic.
- Create, test, and tune detection use cases based on threat actor behaviors.
- Work with detection engineers and hunters to operationalize new detections.
- Assist in building dashboards, correlation rules, and behavioral analytics.
- Use threat intelligence to select realistic TTPs for simulation.
- Map attacks and detections to MITRE ATT&CK to measure coverage and maturity.
- Drive improvements in defensive capabilities aligned to known threat actors and campaigns.
- Support IR teams during investigations by validating telemetry and attack path reconstruction.
- Assist in conducting post-incident purple exercises to improve detection and response readiness.
- Document objectives, methods, findings, and recommended remediations from engagements.
- Create purple playbooks and standardised methodology for repeatable simulations.
- Present results to leadership, highlighting improvements and remaining risks.
- Contribute to continuous enhancement of overall SOC maturity.
Professional & Technical Skills:
- Must To Have Skills: SOC/SIE/SOAR (Splunk, Tines), EDR tools (CrowdStrike, Defender ATP), Red Team tools (Caldera, Atomic Red Team, Cobalt Strike-like frameworks, Metasploit)
- Strong understanding of offensive and defensive security concepts.
- Experience with incident response and threat management.
- Ability to analyze security events and generate actionable insights.
- Familiarity with security monitoring tools and technologies.
- Strong knowledge of Windows, Linux, Active Directory, and cloud attack techniques.
- Familiarity with network security monitoring and anomaly detection.
- Good understanding of MITRE ATT&CK, Cyber Kill Chain, and threat actor behaviors.
- Ability to write scripts (Python, PowerShell, Bash) for automation and simulation.
- Strong analytical and problem-solving mindset.
- Ability to collaborate across offensive and defensive security teams.
- Clear communication skills to present findings and influence improvements.
- Strong documentation, report writing, and stakeholder communication abilities.
Additional Information:
- The candidate should have minimum 7.5 years of experience in Security Information and Event Management (SIEM).
- This position is based at our Bengaluru office.
- A 15 years full time education is required.
Bachelor’s degree in Cybersecurity, Information Security, or related field.
- Preferred certifications: OSCP / OSCE / OSEP (Red Team focus), GCIA / GCIH / GMON (Blue Team focus), Vendor certifications in SIEM/EDR tools
15 years full time education
About Accenture
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 791,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. Our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities.
Visit us at www.accenture.com
Equal Employment Opportunity Statement
We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, military veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by applicable law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.