SIEM Detection Engineer

Job Description:

Job Title: SIEM Detection Engineer

Designation: Engineer

Company: Cumulus Systems Pvt. Ltd.

Location: Pune, India

Company Overview:

Cumulus Systems engages in providing End-to-End Software Development Lifecycle involving Business & Requirements Analysis, Solution Architecture & Design, Development, Testing, Deployment and Postproduction Support. Its cross-domain storage performance management platform called MARS (Measure Analyze Recommend Solve) monitors and helps manage large-scale, heterogeneous IT infrastructure across the entire enterprise.

Position Overview:

As an L2 Detection Specialist, you will design, test, and maintain high-fidelity detection content in one of the following SIEM platforms—Microsoft Sentinel (KQL) or Google Security Operations (YARA-L). Partnering closely with SOAR engineers, SOC analysts, and solutions engineers, you will perform proactive threat hunting, fine-tune alert logic, and ensure our global SOC can rapidly identify and respond to emerging threats.

Job Roles & Responsibilities:

• Design, build, and maintain detection rules, correlation searches, dashboards, and reports in one or more of the specialized SIEM platform.
• Continuously validate and tune detection logic through simulations, red-team findings, SOC false positives and live incident feedback.
• Analyze log and telemetry data to uncover suspicious behaviors, patterns, and indicators of compromise; develop new signatures accordingly.
• Integrate external threat-intelligence feeds (IoCs and TTPs) to enrich alerts and broaden detection coverage.
• Leverage MITRE ATT&CK and other frameworks to guide prioritization and detection development methodology.
• Perform periodic rule health checks, adjusting thresholds to maximize fidelity and minimize false positives.
• Collaborate with SOAR engineers to automate enrichment, triage, and response actions that stem from SIEM alerts.
• Conduct hypothesis & threat intelligence driven threat hunts to identify advanced attacker techniques not yet covered by automated detections.
• Generate clear, actionable metrics and trend reports for SOC leadership, highlighting alert volumes, rule efficacy, and tuning outcomes. Maintain detection KPIs to measure alert accuracy.
• Document all detection logic, tuning rationales, and operational procedures to support audit, compliance, and knowledge transfer.
• Provide technical consultation during incident investigations and post-incident retrospectives, identifying detection gaps and recommending improvements.

Skills:

• Strong understanding of MITRE ATT&CK and its practical application to detection engineering.
• Familiarity with cloud infrastructures (Azure, GCP, AWS) and the security logs they generate.
• Proficiency in scripting for automation (Python or PowerShell preferred).
• Working knowledge of common security controls and telemetry sources—firewalls, IDS/IPS, EDR, endpoint protection, cloud logs, etc.
• Relevant certifications (any of): AZ-500 · Google SecOps Certified · CompTIA Security+ · GCP / Azure / AWS Foundational.
• Excellent written documentation skills and the ability to convey complex detection concepts to both technical and non-technical stakeholders.

Experience: Minimum 3 years overall experience in cybersecurity operations or engineering.

At least 1–2 years hands-on experience building detections in one of the following SIEMs: Microsoft Sentinel (KQL) or Google SecOps (YARA-L).

Nice-to-Have

• Experience integrating SOAR playbooks with SIEM alerts.
• Prior involvement in purple-team exercises or red-team simulations.
• Knowledge of additional query or signature languages (e.g., Sigma, Elastic Query DSL).
• Scripting Knowledge (Python, Powershell)
• Data Analytics & Reporting Expertise in Microsoft PowerBI, Tableau or equivalents.