SIEM Detection Engineer

Location:

Job ID:

Date Posted:

Company Name:

Profession (Job Category):

Job Schedule: 

Remote:

Job Description:

Job Title: SIEM Detection Engineer

Designation: Engineer

Company: Cumulus Systems Pvt. Ltd.

Location: Pune, India

Salary: As per Industry

Company Overview:

Cumulus Systems engages in providing End-to-End Software Development Lifecycle involving Business & Requirements Analysis, Solution Architecture & Design, Development, Testing, Deployment and Postproduction Support. Its cross-domain storage performance management platform called MARS (Measure Analyze Recommend Solve) monitors and helps manage large-scale, heterogeneous IT infrastructure across the entire enterprise.

Position Overview:

As an L2 Detection Specialist, you will design, test, and maintain high-fidelity detection content in one of the following SIEM platforms—Microsoft Sentinel (KQL) or Google Security Operations (YARA-L). Partnering closely with SOAR engineers, SOC analysts, and solutions engineers, you will perform proactive threat hunting, fine-tune alert logic, and ensure our global SOC can rapidly identify and respond to emerging threats.

Job Roles & Responsibilities:

• Design, build, and maintain detection rules, correlation searches, dashboards, and reports in one or more of the specialized SIEM platform.

• Continuously validate and tune detection logic through simulations, red-team findings, SOC false positives and live incident feedback.

• Analyze log and telemetry data to uncover suspicious behaviors, patterns, and indicators of compromise; develop new signatures accordingly.

• Integrate external threat-intelligence feeds (IoCs and TTPs) to enrich alerts and broaden detection coverage.

• Leverage MITRE ATT&CK and other frameworks to guide prioritization and detection development methodology.

• Perform periodic rule health checks, adjusting thresholds to maximize fidelity and minimize false positives.

• Collaborate with SOAR engineers to automate enrichment, triage, and response actions that stem from SIEM alerts.

• Conduct hypothesis & threat intelligence driven threat hunts to identify advanced attacker techniques not yet covered by automated detections.

• Generate clear, actionable metrics and trend reports for SOC leadership, highlighting alert volumes, rule efficacy, and tuning outcomes. Maintain detection KPIs to measure alert accuracy.

• Document all detection logic, tuning rationales, and operational procedures to support audit, compliance, and knowledge transfer.

• Provide technical consultation during incident investigations and post-incident retrospectives, identifying detection gaps and recommending improvements.

Skills:

• Strong understanding of MITRE ATT&CK and its practical application to detection engineering.

• Familiarity with cloud infrastructures (Azure, GCP, AWS) and the security logs they generate.

• Proficiency in scripting for automation (Python or PowerShell preferred).

• Working knowledge of common security controls and telemetry sources—firewalls, IDS/IPS, EDR, endpoint protection, cloud logs, etc.

• Relevant certifications (any of): Admin · SC-200 (Microsoft Sentinel) · Google SecOps Certified · CompTIA Security+ · GCP / Azure / AWS Foundational.

• Excellent written documentation skills and the ability to convey complex detection concepts to both technical and non-technical stakeholders.

Experience: Minimum 3 years overall experience in cybersecurity operations or engineering.

At least 1–2 years hands-on experience building detections in one of the following SIEMs: Microsoft Sentinel (KQL) or Google SecOps (YARA-L).

Nice-to-Have

• Experience integrating SOAR playbooks with SIEM alerts.

• Prior involvement in purple-team exercises or red-team simulations.

• Knowledge of additional query or signature languages (e.g., Sigma, Elastic Query DSL).

• Scripting Knowledge (Python, Powershell)

• Data Analytics & Reporting Expertise in Microsoft PowerBI, Tableau or equivalents.