Job Purposes:
- We are looking for a high-calibre SIEM Engineer with deep technical mastery in SIEM platform engineering and strong, hands-on security operations knowledge.
- This role is platform-first: you will own the architecture, performance, scalability, and reliability of the SIEM ecosystem end-to-end. While this is not a day-to-day SOC analyst role, you are expected to be fluent in security operations: understanding attacker behavior, detection engineering, incident response workflows, and how SOCs operate at scale.
- If you enjoy building SIEMs that don't fall over and designing detections that actually work, this role is for you.
Job Responsibilities:
- Architect, build, and operate a large-scale SIEM platform (on-prem, cloud, or hybrid) with high availability, performance, and cost efficiency.
- Design and maintain SIEM infrastructure components.
- Own performance tuning and capacity planning: EPS/TPS modeling, search concurrency and workload management, and storage, compute, and licensing optimization.
- Onboard new log sources at scale (cloud, endpoint, network, identity, SaaS, custom apps).
- Automate wherever possible: SIEM deployments, upgrades, and configuration (IaC, CI/CD), as well as detection content deployment and version control.
- Troubleshoot complex SIEM failures spanning OS, network, storage, query performance, and data integrity.
- Act as escalation point for SIEM platform incidents and outages.
- Design, review, and optimize high-fidelity detection use cases aligned to MITRE ATT&CK.
- Translate threat scenarios and adversary behavior into scalable detection logic.
- Tune detections to balance coverage, precision, and SOC workload.
- Partner with SOC teams to improve alert quality and investigation workflows, and to enable effective triage and response through better data and context.
- Understand the incident response lifecycle well enough to design SIEM content that genuinely helps responders.
- Support threat hunting activities by enabling performant, flexible search and analytics.
- Serve as technical authority for SIEM engineering across the organization.
- Define SIEM engineering standards, patterns, and best practices.
- Mentor junior SIEM engineers and detection engineers.
- Collaborate closely with SOC, IR, Threat Intel, Cloud, and Infrastructure teams.
- Provide clear technical guidance during major incidents and post-incident reviews.
Job Requirements:
- Bachelor's degree in Business, Computer Science, Information Security, Cybersecurity, or a related technical field, or equivalent experience.
- 8+ years of hands-on experience in security engineering, SIEM engineering, or large-scale security monitoring platforms (on-prem, cloud or hybrid).
- Proven experience supporting 24x7 SOC environments and high-volume log ingestion.
- Demonstrated ownership of SIEM architecture, performance tuning, and detection engineering.
Skills & Competencies Requirements:
- SIEM Platform Expertise: Deep hands-on experience designing, operating, and optimizing enterprise SIEM platforms, including architecture, performance tuning, and capacity planning.
- Security Detection & SOC Knowledge: Strong understanding of SOC operations and incident response workflows, and the ability to design and tune effective, high-fidelity security detections.
- Systems, Cloud & Infrastructure Skills: Solid foundation in Linux, networking, and cloud platforms, with experience integrating and managing security telemetry across hybrid environments.
- Automation & Engineering Discipline: Proficiency in scripting and automation to standardize SIEM deployments, content management, and operational processes.
- Advanced Troubleshooting & Problem Solving: Ability to diagnose and resolve complex, multi-layer technical issues under pressure in mission-critical environments.
- Technical Leadership & Collaboration: Acts as a technical authority, mentors engineers, and collaborates effectively across SOC, cloud, and infrastructure teams to deliver secure outcomes.