Key Skills For The Role Include
Detection Engineering and Content Development
- Design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models within the SIEM.
Automation and Efficiency
- Development and maintenance of SOAR / automation playbooks.
- SIEM integrations using APIs and connectors.
- Application of built-in AI/ML capabilities within SIEM platforms to enhance detection and response.
Platform Management
- Subject matter expert for the SIEM platform, overseeing data ingestion, logging policies, platform health, and overall operational stability. Primary point of contact for onboarding, troubleshooting, and management of all log sources ingested into the SIEM.
Collaboration and Continuous Improvement
- Collaborate closely with SOC Analysts, Threat Hunters, and Incident Response teams, and contribute to post-incident reviews to identify gaps and drive continuous improvements.
Detection Engineering and Content Development
- Design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models within the SIEM.
- Translate threat intelligence, known vulnerabilities, and observed attack techniques (e.g., MITRE ATT&CK techniques) into actionable detection content.
- Continuously review and tune existing detection content to minimize false positives while maximizing coverage of emerging threats.
- Ensure all detection content is mapped to relevant security controls and incident response playbooks.
Automation and Efficiency
- Develop, implement, and maintain automation playbooks (using our SIEM's automation engine) to automate repetitive Level 1 incident triage tasks, data enrichment, and initial response actions.
- Integrate the SIEM with other security tools and enterprise platforms via APIs and connectors to facilitate seamless data flow and automated response.
- Explore and apply the SIEM's built-in AI/ML capabilities to improve alert prioritization, anomaly detection, and automated incident clustering.
- Document automation logic, workflows, and effectiveness metrics.
Platform Management and Optimization
- Act as a subject matter expert for the SIEM, including data ingestion, logging policies, and platform health.
- Collaborate with Security Architecture and IT teams to onboard new data sources into the SIEM, ensuring proper normalization and parsing for detection use cases.
- Monitor platform performance, troubleshoot content execution issues, and assist in maintaining the overall operational stability of the SIEM environment.
Collaboration and Improvement
- Work closely with SOC Analysts, Threat Hunters, and Incident Responders to understand their needs and develop content that directly supports their operations.
- Participate in post-incident review processes to identify detection and automation gaps and drive improvements.
- Stay current with the latest cybersecurity trends, attack vectors, and SIEM features and updates.
Qualifications
Required Skills and Experience
- 8+ years of experience in Security Operations, Threat Hunting, or Detection Engineering.
- Demonstrable expertise in designing and implementing detection content using a SIEM/SOAR platform (strong preference for Palo Alto Networks XSIAM/Cortex XSOAR experience).
- Deep understanding of the cyber kill chain and the MITRE ATT&CK framework.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data manipulation.
- Strong knowledge of security logging formats, network protocols, operating systems (Windows, Linux), and cloud environments.
- Experience with API integrations and developing automation playbooks (SOAR).
- Excellent analytical, problem-solving, and communication skills.
Preferred Qualifications
- Hands-on experience with Palo Alto Networks XSIAM, including content creation and automation development.
- Relevant industry certifications (e.g., PCNSE, PCSAE, GCIH, GCFA, CISSP).
- Experience with cloud security monitoring (AWS, Azure, GCP).
- Familiarity with threat intelligence platforms and integrating intelligence feeds into detection logic.