
Cywarden Inc.

Senior SIEM Engineer

8-10 Years
  • Posted a day ago

Job Description

Job Title: Senior SIEM Engineer

Location: Chandigarh

Experience: 8+ Years

Employment Type: Full-time

About the role

We are looking for a Senior SIEM Engineer with deep expertise in Microsoft Sentinel and Microsoft Defender to help design, build, and optimize a modern security monitoring and detection ecosystem. This role is a hands-on senior security engineering position responsible for strengthening enterprise and hybrid cloud security through advanced SIEM architecture, detection engineering, automation, and incident response support.

You will act as a technical authority for threat detection and security monitoring, helping build a security-first environment across cloud, identity, endpoint, and network infrastructure following the organization's transformation into an independent security architecture. The ideal candidate combines strategic security thinking with strong technical execution across SIEM engineering, SOC operations, and Microsoft security platforms.

Key Responsibilities

Microsoft Security Stack (Core Focus)

Design, implement, and manage security monitoring capabilities using:

  • Microsoft Sentinel
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Office 365
  • Microsoft Entra ID

Build advanced detection logic using KQL, automation rules, and SOAR playbooks to improve threat visibility and response capabilities.

Sentinel Architecture Implementation

Phase 1: Design and Implement Full Microsoft Sentinel Architecture

Lead the architecture, deployment, and optimization of the enterprise SIEM environment including:

  • Configure data connectors for Azure, Microsoft 365, third-party security tools, and infrastructure logs via Syslog / CEF.
  • Design and deploy Log Analytics Workspaces, including retention policies, ingestion pipelines, and data tiering strategy for cost optimization.
  • Develop KQL-based analytic rules, scheduled query rules, and Fusion detections to identify malicious activity and anomalies.
  • Configure UEBA (User & Entity Behavior Analytics) to detect insider threats and identity-based anomalies.
  • Build Sentinel workbooks, dashboards, and operational views to provide real-time visibility for SOC teams and leadership.
  • Implement watchlists and threat intelligence feeds, mapping detections to the MITRE ATT&CK framework.
  • Integrate Sentinel with Cortex XSOAR for bi-directional incident synchronization and automated response workflows.

Phase 2: Continuous Optimization & Detection Engineering

  • Perform ongoing analytics rule tuning and false positive reduction.
  • Maintain and enhance detection content and security use cases.
  • Optimize KQL queries and detection logic to improve performance and detection accuracy.
  • Expand coverage using threat intelligence insights and evolving attacker techniques.
  • Continuously improve SIEM architecture to support SOC maturity and operational efficiency.

Security Operations & Incident Response

  • Support SOC teams in advanced threat detection, investigation, and incident response.
  • Perform proactive threat hunting using KQL to identify stealthy threats and anomalous behavior.
  • Assist in forensic investigations, incident scoping, and post-incident reviews.
  • Improve SOC response metrics such as MTTR and detection coverage.

Hybrid Cloud & Identity Security

Design and secure Azure-centric environments including:

  • Identity architecture using RBAC, MFA, OAuth, and SAML.
  • Secure cloud landing zones and identity-driven security models.
  • Monitoring of identity threats across Microsoft Entra ID.

Network & Infrastructure Security

Support enterprise security architecture including:

  • Firewalls, IDS/IPS, VPNs, segmentation, and secure protocols.
  • Security monitoring across enterprise and OT/manufacturing environments.
  • Log ingestion and correlation from network security devices.

Automation & Security Engineering

Develop automation to enhance SOC efficiency:

  • Build scripts using PowerShell, Python, and KQL for detection, response, and monitoring.
  • Develop automation workflows and Logic Apps for incident containment and response.
  • Integrate security platforms to reduce manual SOC workload.

Compliance, Governance & Security Frameworks

Ensure security practices align with industry standards including:

  • ISO 27001
  • NIST Cybersecurity Framework
  • CIS Benchmarks
  • GDPR and PCI DSS compliance

Support security audits, documentation, and governance programs.

Platform & OS Security

Implement and monitor security controls across:

  • Windows, Linux, and macOS environments
  • Patch management and system hardening
  • Container security (Docker, Kubernetes)

Leadership & Collaboration

  • Mentor junior engineers and SOC analysts on KQL, detection engineering, and Sentinel architecture.
  • Collaborate with IT, cloud, infrastructure, and application teams to implement security best practices.
  • Influence security strategy and long-term SOC maturity initiatives.

Required Skills & Experience

Mandatory

  • 8+ years of experience in security engineering, SOC operations, or SIEM engineering
  • 8+ years of experience with Microsoft Sentinel and Microsoft Defender platforms
  • Deep expertise in KQL (Kusto Query Language)
  • Strong experience with SIEM architecture, log ingestion, and detection engineering
  • Hands-on experience with the Microsoft Defender ecosystem

Technical Skills

  • Microsoft Sentinel architecture and content development
  • Threat detection and incident investigation
  • Azure security and identity protection
  • Security automation using Logic Apps / SOAR platforms
  • Scripting with PowerShell or Python

Nice to Have

  • Experience integrating Sentinel with SOAR platforms such as Cortex XSOAR
  • Knowledge of threat intelligence platforms and IOC management
  • Security certifications such as:
      • SC-200
      • AZ-500
      • CISSP
      • GIAC certifications

Job ID: 144181653