SOC Content Detection Engineer

Department: Managed Services & Support & Security Operations Center (SOC)Job Type: Full-TimeReports To: SOC Team Lead / Head of Cybersecurity ServicesFull-timeWORK FROM NOIDA OFFICE, PLEASE DON'T APPLY IF YOU ARE LOOKING FOR HYBRID OR WORK FROM HOME Short notice period or immediate joiners are preferred. Job Overview:We are seeking a technically skilled and detail-oriented SOC Content Detection Engineer to lead the development, optimization, and governance of detection content across Microsoft Sentinel and Defender XDR platforms. This role is critical to ensuring high-fidelity alerting, minimizing false positives, and aligning detection logic with threat intelligence and MITRE ATT&CK frameworks. The ideal candidate will have deep experience in KQL, Sigma rule development, and SOC telemetry analysis within MSSP environments. Key Responsibilities:1.       Detection Content Development·     Design and implement custom detection rules using KQL, Sigma, and behavioral analytics.·     Map detection logic to MITRE ATT&CK techniques and threat actor profiles.·     Develop UEBA baselines and anomaly detection use cases.2.       Alert Tuning & Optimization·     Analyze alert performance and lead biweekly tuning cycles to reduce false positives.·     Collaborate with L2/L3 analysts to refine detection thresholds and suppression logic.·     Maintain a detection content repository with version control and change logs.3.       Telemetry & Visibility Engineering·     Conduct log source visibility reviews and telemetry gap analysis.·     Recommend log onboarding priorities based on threat coverage and customer environments.·     Validate parsing, normalization, and enrichment of ingested data.4.       Threat Intelligence Integration·     Operationalize threat intelligence into detection content and hunt scenarios.·     Integrate IOCs, TTPs, and threat actor indicators into rule logic and enrichment workflows.5.       Governance & Documentation·     Maintain detection playbooks, rule documentation, and tuning reports.·     Ensure detection content aligns with MSSP governance frameworks and audit requirements.·     Support change control processes for rule deployment and rollback.6.       Collaboration & Enablement·     Work closely with SOC analysts, onboarding consultants, and automation engineers.·     Provide training and guidance on detection logic, rule writing, and tuning best practices.·     Participate in incident post-mortems to identify detection gaps and improvement areas.Required Skills & Qualifications:1.       Education·     Bachelor’s degree in Cybersecurity, Computer Science, or related field.2.       Certifications·     Required: Microsoft Certified: Security Operations Analyst Associate·     Preferred: MITRE ATT&CK Defender (MAD), GIAC (GCIA, GMON), CompTIA CySA+3.       Technical Skills·     Expert-level proficiency in KQL, Microsoft Sentinel, and Defender XDR.·     Experience with Sigma rule development, UEBA, and SIEM tuning.·     Strong understanding of log source telemetry, data normalization, and alert lifecycle.·     Familiarity with threat intelligence platforms and MITRE ATT&CK mapping.4.       Soft Skills·     Analytical mindset with strong attention to detail.·     Excellent documentation and presentation skills.·     Ability to collaborate across technical and operational teams.·     Fluent English communication skills (spoken and written).Experience:5+ years in SOC or cybersecurity operations, with at least 2 years in detection engineering or SIEM content development.Prior experience in MSSP environments or multi-tenant SOC platforms is highly preferred.