Role Overview:
The SIEM Content Management Engineer will be responsible for designing, developing, optimizing, and maintaining SIEM content including use cases, correlation rules, threat models, dashboards, and reports. This role plays a critical part in enhancing threat detection capabilities and aligning SIEM content with evolving threat landscapes and business requirements.
Key Responsibilities:
- Develop and maintain SIEM use cases aligned with threat intelligence, the MITRE ATT&CK framework, and business risks.
- Create and optimize correlation rules, alerts, dashboards, and reports in Securonix (or other SIEM platforms).
- Collaborate with Threat Intel, SOC, and Incident Response teams to identify detection gaps and build relevant content.
- Perform content lifecycle management including UAT, SB testing, and production deployment.
- Conduct periodic content reviews, reconciliation, and validation of data sources.
- Maintain documentation for all content including change tickets, business justification, and testing outcomes.
- Work closely with platform and engineering teams to ensure data quality and parsing standards.
- Support audit and compliance requirements by maintaining traceability and classification of SIEM content.
Required Skills & Qualifications:
- Strong experience with SIEM platforms (preferably PA XSIAM, Google SecOps, Securonix, Splunk, QRadar, etc.).
- Hands-on experience in writing correlation rules, threat models, and behavioral analytics.
- Familiarity with MITRE ATT&CK, kill chain, and threat detection frameworks.
- Experience in managing content lifecycle from UAT to Production.
- Knowledge of log sources, parsing, normalization, and data onboarding.
- Understanding of SOAR workflows and integration points.
- Excellent documentation and stakeholder communication skills.
- Ability to work in a fast-paced, audit-sensitive environment.
Preferred Certifications:
- GIAC Certified Detection Analyst (GCDA)
- Certified SOC Analyst (CSA)
- CISSP / CISM (optional but preferred)