We are looking for a high-calibre SIEM Engineer with deep technical mastery in SIEM platform engineering and strong, hands-on security operations knowledge.
This role is platform-first: you will own the architecture, performance, scalability, and reliability of the SIEM ecosystem end-to-end. While not a day-to-day SOC analyst role, you are expected to be fluent at security operations — understanding attacker behavior, detection engineering, incident response workflows, and how SOCs operate at scale.
If you enjoy building SIEMs that don't fall over and designing detections that actually work, this role is for you.
Job Responsibilities
Architect, build, and operate a large-scale SIEM platform (on-prem, cloud, or hybrid) with high availability, performance, and cost efficiency.
Design and maintain SIEM infrastructure components.
Own performance tuning and capacity planning (EPS/TPS modeling, search concurrency and workload management, storage, compute, and licensing optimization).
Onboard new log sources at scale (cloud, endpoint, network, identity, SaaS, custom apps).
Automate where possible: SIEM deployments, upgrades, and configuration (IaC, CI/CD), as well as content deployment and version control.
Troubleshoot complex SIEM failures spanning OS, network, storage, query performance, and data integrity.
Act as the escalation point for SIEM platform incidents and outages.
Design, review, and optimize high-fidelity detection use cases aligned to MITRE ATT&CK.
Translate threat scenarios and adversary behavior into scalable detection logic.
Tune detections to balance coverage, precision, and SOC workload.
Partner with SOC teams to improve alert quality and investigation workflows, and to enable effective triage and response through better data and context.
Understand incident response lifecycle well enough to design SIEM content that actually helps responders.
Support threat hunting activities by enabling performant, flexible search and analytics.
Serve as technical authority for SIEM engineering across the organization.
Define SIEM engineering standards, patterns, and best practices.
Mentor junior SIEM engineers and detection engineers.
Collaborate closely with SOC, IR, Threat Intel, Cloud, and Infrastructure teams.
Provide clear technical guidance during major incidents and post-incident reviews.
Job Requirements
8+ years of hands-on experience in security engineering, SIEM engineering, or large-scale security monitoring platforms (on-prem, cloud or hybrid).
Proven experience supporting 24x7 SOC environments and high-volume log ingestion.
Demonstrated ownership of SIEM architecture, performance tuning, and detection engineering.
SIEM Platform Expertise – Deep hands-on experience designing, operating, and optimizing enterprise SIEM platforms, including architecture, performance tuning, and capacity planning.
Security Detection & SOC Knowledge – Strong understanding of SOC operations, incident response workflows, and the ability to design and tune effective, high-fidelity security detections.
Systems, Cloud & Infrastructure Skills – Solid foundation in Linux, networking, and cloud platforms, with experience integrating and managing security telemetry across hybrid environments.
Automation & Engineering Discipline – Proficiency in scripting and automation to standardize SIEM deployments, content management, and operational processes.
Advanced Troubleshooting & Problem Solving – Ability to diagnose and resolve complex, multi-layer technical issues under pressure in mission-critical environments.
Technical Leadership & Collaboration – Acts as a technical authority, mentors engineers, and collaborates effectively across SOC, cloud, and infrastructure teams to deliver secure outcomes.