Security Engineer, Threat Detection

About Workato
Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.

Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at

Why join us?
Ultimately, Workato believes in fostering a
flexible, trust-oriented culture that empowers everyone to take full ownership of their roles
. We are driven by
innovation
and looking for
team players
who want to actively build our company.

But, we also believe in
balancing productivity with self-care
. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley, please submit an application. We look forward to getting to know you

Also, Feel Free To Check Out Why

• Business Insider named us an "enterprise startup to bet your career on"
• Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
• Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
• Quartz ranked us the #1 best company for remote workers

Responsibilities
At Workato, security is at the core of everything we do. We are seeking a proactive and detail-oriented
Security Engineer – Threat Detection
to join our expanding Security team in India. In this role, you will be pivotal in optimising and enhancing the performance of our Security Information and Event Management (SIEM) platform.

Your primary responsibility will be to maintain, manage, and enhance the SIEM system by integrating critical log sources and overseeing the entire data lifecycle within the platform. You will play a key role in advancing threat detection capabilities by strategically creating, fine-tuning, and optimizing detection rules to improve accuracy and reduce false alerts.

As a central figure in our security operations, you will ensure the SIEM effectively aggregates, processes, and manages security-relevant data from diverse endpoints—including cloud environments, source control management (SCM) systems, applications, servers, workstations, and network devices. You will collaborate closely with the Incident Response team to conduct deep-dive analyses of security incidents and actively participate in daily on-call rotations.

If you are passionate about automating threat detection, streamlining security workflows, and driving innovation at scale, this is an excellent opportunity for you

In This Role, You Will Also Be Responsible To

• Design, develop, implement, and continuously refine custom detection rules within the SIEM to identify emerging and potential security threats tailored to our network infrastructure, industry standards, and evolving threat landscape.
• Analyze and optimize existing detection rules to enhance accuracy, minimize false positives and negatives, and improve overall alert quality, reducing alert fatigue and boosting the signal-to-noise ratio.
• Collaborate closely with security teams and other key stakeholders to gather requirements, incorporate feedback, and collectively improve the SIEM's threat detection capabilities.
• Utilize both out-of-the-box and custom-built detection rules to effectively address the organization's unique security posture and risk profile.
• Oversee ingestion of logs and telemetry from a broad range of security and operational sources, ensuring data integrity, accurate parsing, and efficient storage for timely threat analysis.
• Apply deep expertise in security monitoring principles, threat detection methodologies, and incident response workflows to continually improve detection strategies and operational readiness.
• Maintain comprehensive documentation of detection rules, tuning activities, and SIEM configuration changes; create dashboards and generate insightful reports for management to highlight data trends and security posture.
• Stay current with the latest security threats, vulnerabilities, and advancements in SIEM technologies, particularly within the Microsoft Sentinel ecosystem, to drive ongoing improvement and innovation.
• Provide technical expertise during security audits, compliance assessments (e.g., SOC 2, ISO 27001), and risk evaluations; collaborate with compliance teams to ensure log retention and data management meet regulatory and internal standards.

Requirements
Qualifications / Experience / Technical Skills

• 3 to 6 years of hands-on experience in threat detection, SIEM management, and Security Operations in SaaS or cloud-based environments.
• Proven expertise with leading SIEM platforms and strong skills in the full lifecycle of detection rule creation, fine-tuning, and optimization to improve threat detection accuracy and reduce false positives.
• In-depth knowledge of managing data ingestion from diverse security and operational sources, with a solid understanding of data from servers, workstations, network devices, cloud environments, and security tools.
• Strong understanding of security monitoring principles, threat detection methodologies, incident response workflows, and common cyberattack vectors.
• Expertise in AWS cloud platform with the ability to identify critical log sources for ingestion; familiarity with cloud security best practices across AWS (Preferred), Azure, and GCP.
• Experience with SOAR platforms such as Workato, Palo Alto XSOAR, or Splunk SOAR, and proficiency in scripting and automation using Python, PowerShell, or Workato recipes.
• Familiarity with security compliance frameworks like SOC 2, ISO 27001, GDPR, and other relevant regulations.
• Relevant security certifications such as CISSP, AWS Certified Security – Specialty, GIAC (GCIH, GCIA), Certified Cloud Security Professional (CCSP).
• Willingness to travel occasionally within India and internationally as required.

Soft Skills / Personal Characteristics

• Strong problem-solving and analytical skills with an automation-first mindset.
• Excellent communication and collaboration skills to work across teams.
• Ability to work independently and manage multiple tasks effectively in a fast-paced environment

(REQ ID: 2336)