Lead Security Engineering

Role Summary

The SIEM Engineer will implement and maintain SIEM platforms that enable effective security monitoring, threat detection, and incident response across the enterprise. This role focuses on capabilities like log onboarding, detection engineering, performance optimization, and usecase lifecycle management-working closely with SOC, Incident Response, and Security Engineering teams.

Key Responsibilities

• Configure, and maintain enterprise SIEM platforms (e.g., Microsoft Sentinel, Splunk, QRadar, Elastic).
• Implement log ingestion pipelines from cloud, on-Prem, network, endpoint, and identity sources.
• Develop, tune, and optimize detection rules, correlation logic, and analytics to reduce false positives and improve signal quality.
• Knowledge on building and maintaining SIEM data models, parsing logic, and normalization standards.
• Partner with SOC analysts to translate threat scenarios into actionable SIEM use cases.
• Support SIEM performance and cost optimization initiatives.
• Integrate SIEM with SOAR, threat intelligence feeds, and security tooling ecosystem.
• Maintain documentation, runbooks, and engineering standards for SIEM operations.

Required Qualifications

• 5-8 years of experience in SIEM engineering or security monitoring roles.
• Strong handson experience with at least one enterprise SIEM platform.
• Experience onboarding and parsing logs from cloud platforms (Azure/AWS/GCP), firewalls, EDR, IAM, and network devices.
• Knowledge of MITRE ATT&CK and detection engineering principles.
• Proficiency in KQL, SPL, or equivalent SIEM query languages.
• Scripting experience (Python, PowerShell, or similar).

Preferred Qualifications

• Experience integrating SIEM with SOAR platforms.
• Exposure to compliancedriven monitoring (ISO 27001, NIST, HIPAA, PCI).
• Cloudnative security monitoring experience.