SOC Content Detection Engineer

WORK FROM NOIDA OFFICE, PLEASE DON'T APPLY IF YOU ARE LOOKING FOR HYBRID OR WORK FROM HOME

Department:
Managed Services & Support & Security Operations Center (SOC)

Job Type:
Full-Time

Reports To:
SOC Team Lead / Head of Cybersecurity Services

Job Overview:

We are seeking a technically skilled and detail-oriented
SOC Content Detection Engineer
to lead the development, optimization, and governance of detection content across Microsoft Sentinel and Defender XDR platforms. This role is critical to ensuring high-fidelity alerting, minimizing false positives, and aligning detection logic with threat intelligence and MITRE ATT&CK frameworks. The ideal candidate will have deep experience in KQL, Sigma rule development, and SOC telemetry analysis within MSSP environments.

Key Responsibilities:

Detection Content Development

·     Design and implement custom detection rules using KQL
,
Sigma
, and behavioral analytics.

·     Map detection logic to
MITRE ATT&CK
techniques and threat actor profiles.

·     Develop UEBA baselines and anomaly detection use cases.

Alert Tuning & Optimization

·     Analyze alert performance and lead biweekly tuning cycles to reduce false positives.

·     Collaborate with L2/L3 analysts to refine detection thresholds and suppression logic.

·     Maintain a detection content repository with version control and change logs.

Telemetry & Visibility Engineering

·     Conduct log source visibility reviews and telemetry gap analysis.

·     Recommend log onboarding priorities based on threat coverage and customer environments.

·     Validate parsing, normalization, and enrichment of ingested data.

Threat Intelligence Integration

·     Operationalize threat intelligence into detection content and hunt scenarios.

·     Integrate IOCs, TTPs, and threat actor indicators into rule logic and enrichment workflows.

Governance & Documentation

·     Maintain detection playbooks, rule documentation, and tuning reports.

·     Ensure detection content aligns with MSSP governance frameworks and audit requirements.

·     Support change control processes for rule deployment and rollback.

Collaboration & Enablement

·     Work closely with SOC analysts, onboarding consultants, and automation engineers.

·     Provide training and guidance on detection logic, rule writing, and tuning best practices.

·     Participate in incident post-mortems to identify detection gaps and improvement areas.

Required Skills & Qualifications:

Education

·     Bachelor's degree in Cybersecurity, Computer Science, or related field.

Certifications

·     Required: Microsoft Certified: Security Operations Analyst Associate

·     Preferred: MITRE ATT&CK Defender (MAD), GIAC (GCIA, GMON), CompTIA CySA+

Technical Skills

·     Expert-level proficiency in KQL, Microsoft Sentinel, and Defender XDR.

·     Experience with Sigma rule development, UEBA, and SIEM tuning.

·     Strong understanding of log source telemetry, data normalization, and alert lifecycle.

·     Familiarity with threat intelligence platforms and MITRE ATT&CK mapping.

Soft Skills

·     Analytical mindset with strong attention to detail.

·     Excellent documentation and presentation skills.

·     Ability to collaborate across technical and operational teams.

·     Fluent English communication skills (spoken and written).

Experience:

• 5+ years
  in
  SOC
  or
  cybersecurity operations
  , with at least
  2 years
  in
  detection engineering
  or
  SIEM content development
  .
• Prior experience in MSSP environments or multi-tenant SOC platforms is highly preferred.