SIEM Rule Engineer

Description

The SIEM Rule Engineer is responsible for designing, developing, testing, and tuning detection rules, signatures, and alerts for SIEM, IDS/IPS, and other monitoring platforms. This role focuses on enhancing threat detection capabilities by translating threat intelligence, use cases, and attack patterns into actionable and accurate detections
.

Responsibiliti
es

Rule Engineering & Detection Content Development

• Develop and maintain correlation rules, signatures, and detection logic in SIEM (e.g., Splunk, ELK, QRadar), IDS/IPS (e.g., Suricata, Snort), and EDR tools (Wazuh).
• Translate MITRE ATT&CK techniques into detection rules.
• Tune existing rules to reduce false positives/negatives and improve detection fidelity.
• Implement YARA, Sigma, or custom detection formats depending on platform needs.
• Threat Intelligence Integration Collaborate with Threat Intel and Incident Response teams to operationalize IOCs and TTPs.
• Create enrichment pipelines using threat feeds (STIX/TAXII, MISP, etc.)

SOC Automation & Optimization:

• Integrate rule alerts with SOAR platforms for response automation.
• Ensure all rules follow version control and documentation practices (e.g., Git).
• Conduct regression testing of rules during platform upgrades.

Monitoring & Analytics

• Continuously monitor and evaluate rule performance using telemetry data.
• Develop dashboards and reporting for alert metrics, rule health, and detection gaps.

Cross-functional Collaboration

• Work with blue teams, red teams, compliance, and application owners to refine use cases.
• Participate in purple teaming exercises and adapt rules for post-attack simulations.

Eligibility

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or related field.
• 2–5 years of experience in a SOC, cyber threat detection, or security engineering role.
• Proficient in writing SIEM rules, Suricata/Snort signatures, or similar detection logic.
• Strong understanding of MITRE ATT&CK, Cyber Kill Chain, and threat modeling.
• Hands-on experience with ELK Stack, Splunk, QRadar, or equivalent SIEM.
• Familiarity with log sources such as Windows Event Logs, Sysmon, Zeek, Suricata, and fire wall logs.

Desired Eligibility

• Knowledge of scripting (Python, Bash) for custom log parsing or enrichment.
• Experience with SOAR (e.g., Cortex XSOAR, Splunk SOAR).

Experience with industrial protocols (for OT environments):

• Modbus, DNP3,S7Comm, etc.
• Exposure to cloud logging and detection (AWS CloudTrail, Azure Sentinel, etc.).

Certifications: GCIA, GCED, GCTD, Splunk Certified, Elastic Certified Analyst, etc.

Travel

As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams.

Communication

Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the Latest passport-size photograph.