Job Description - SIEM Lead Engineer

Role Overview

The SIEM Lead Engineer is responsible for leading the design, development, and optimization of SIEM alerting, enrichment, and monitoring capabilities using Splunk. This role focuses on improving alert fidelity, contextual enrichment, detection engineering, and overall SOC effectiveness. The role acts as a technical lead and escalation point, working closely with SOC Analysts, Threat Detection, Security Engineering, and platform teams.

Key Responsibilities

• Lead engineering and optimization of Splunk-based SIEM alerting and monitoring.
• Design, develop, and tune correlation rules and detections to reduce false positives.
• Own alert lifecycle management including creation, tuning, validation, and retirement.
• Design and implement alert enrichment using IAM, CMDB, vulnerability, and threat intelligence sources.
• Ensure alerts are enriched with user, asset, privilege, and business context.
• Engineer and maintain Splunk data ingestion, normalization, and CIM compliance.
• Support onboarding of log sources across endpoint, network, cloud, and identity platforms.
• Develop detection use cases mapped to MITRE ATT&CK.
• Act as L3 escalation for complex SIEM and detection issues.
• Maintain SOPs, runbooks, and SIEM documentation.
• Mentor SIEM engineers and provide technical guidance.

Required Skills & Experience

• 6-10 years of experience in SIEM or security engineering roles.
• Strong hands-on expertise with Splunk Enterprise / Splunk ES.
• Proven experience in SIEM alert development, tuning, and enrichment.
• Strong understanding of security telemetry across endpoint, network, cloud, and IAM.
• Proficiency in SPL (Search Processing Language).
• Experience with MITRE ATT&CK and SOC workflows.
• Experience integrating SIEM with IAM, CMDB, vulnerability, and threat intel platforms.

Preferred Qualifications

• Experience in regulated environments such as healthcare or financial services.
• Exposure to SOAR platforms and automated response workflows.
• Scripting experience using Python or PowerShell.
• Relevant security or Splunk certifications.