SIEM Detection Engineer

Job Description

Job Title: SIEM Detection Engineer

Designation: Engineer

Company: Cumulus Systems Pvt. Ltd.

Location: Pune, India

Experience: 3-6 years as Detection Engineer

Company Overview:

Cumulus Systems engages in providing End-to-End Software Development Lifecycle involving Business & Requirements Analysis, Solution Architecture & Design, Development, Testing, Deployment and Postproduction Support. Its cross-domain storage performance management platform called MARS (Measure Analyze Recommend Solve) monitors and helps manage large-scale, heterogeneous IT infrastructure across the entire enterprise.

Position Overview:

As an L2 Detection Specialist, you will design, test, and maintain high-fidelity detection content in one of the following SIEM platforms—Microsoft Sentinel (KQL) or Google Security Operations (YARA-L). Partnering closely with SOAR engineers, SOC analysts, and solutions engineers, you will perform proactive threat hunting, fine-tune alert logic, and ensure our global SOC can rapidly identify and respond to emerging threats.

Job Roles & Responsibilities:

Design, build, and maintain detection rules, correlation searches, dashboards, and reports in one or more of the specialized SIEM platform.

Continuously validate and tune detection logic through simulations, red-team findings, SOC false positives and live incident feedback.

Analyze log and telemetry data to uncover suspicious behaviors, patterns, and indicators of compromise; develop new signatures accordingly.

Integrate external threat-intelligence feeds (IoCs and TTPs) to enrich alerts and broaden detection coverage.

Leverage MITRE ATT&CK and other frameworks to guide prioritization and detection development methodology.

Perform periodic rule health checks, adjusting thresholds to maximize fidelity and minimize false positives.

Collaborate with SOAR engineers to automate enrichment, triage, and response actions that stem from SIEM alerts.

Conduct hypothesis & threat intelligence driven threat hunts to identify advanced attacker techniques not yet covered by automated detections.

Generate clear, actionable metrics and trend reports for SOC leadership, highlighting alert volumes, rule efficacy, and tuning outcomes. Maintain detection KPIs to measure alert accuracy.

Document all detection logic, tuning rationales, and operational procedures to support audit, compliance, and knowledge transfer.

Provide technical consultation during incident investigations and post-incident retrospectives, identifying detection gaps and recommending improvements.

Skills:

Strong understanding of MITRE ATT&CK and its practical application to detection engineering.

Familiarity with cloud infrastructures (Azure, GCP, AWS) and the security logs they generate.

Proficiency in scripting for automation (Python or PowerShell preferred).

Working knowledge of common security controls and telemetry sources—firewalls, IDS/IPS, EDR, endpoint protection, cloud logs, etc.

Relevant certifications (any of): Admin · SC-200 (Microsoft Sentinel) · Google SecOps Certified · CompTIA Security+ · GCP / Azure / AWS Foundational.

Excellent written documentation skills and the ability to convey complex detection concepts to both technical and non-technical stakeholders.

Experience: Minimum 3 years overall experience in cybersecurity operations or engineering.

At least 1–2 years hands-on experience building detections in one of the following SIEMs: Microsoft Sentinel (KQL) or Google SecOps (YARA-L).

Nice-to-Have

Experience integrating SOAR playbooks with SIEM alerts.

Prior involvement in purple-team exercises or red-team simulations.

Knowledge of additional query or signature languages (e.g., Sigma, Elastic Query DSL).

Scripting Knowledge (Python, Powershell)

Data Analytics & Reporting Expertise in Microsoft PowerBI, Tableau or equivalents.