Pune, Maharashtra, India
Job ID:
R0102771
Date Posted:
2025-08-14
Company Name:
HITACHI INDIA PVT. LTD
Profession (Job Category):
Other
Job Schedule:
Full time
Job Description:
Job Title: SIEM Detection Engineer
Designation: Engineer
Company: Cumulus Systems Pvt. Ltd.
Pune, India
Salary: As per Industry
Company Overview:
Cumulus Systems provides end-to-end software development lifecycle services, covering business and requirements analysis, solution architecture and design, development, testing, deployment, and post-production support. Its cross-domain storage performance management platform, MARS (Measure Analyze Recommend Solve), monitors and helps manage large-scale, heterogeneous IT infrastructure across the entire enterprise.
Position Overview:
As an L2 Detection Specialist, you will design, test, and maintain high-fidelity detection content in one of the following SIEM platforms: Microsoft Sentinel (KQL) or Google Security Operations (YARA-L). Partnering closely with SOAR engineers, SOC analysts, and solutions engineers, you will perform proactive threat hunting, fine-tune alert logic, and ensure our global SOC can rapidly identify and respond to emerging threats.
Job Roles & Responsibilities:
- Design, build, and maintain detection rules, correlation searches, dashboards, and reports in one or more of the specified SIEM platforms.
- Continuously validate and tune detection logic using simulations, red-team findings, SOC false-positive feedback, and live incident feedback.
- Analyze log and telemetry data to uncover suspicious behaviors, patterns, and indicators of compromise, and develop new signatures accordingly.
- Integrate external threat-intelligence feeds (IoCs and TTPs) to enrich alerts and broaden detection coverage.
- Leverage MITRE ATT&CK and other frameworks to guide prioritization and the detection development methodology.
- Perform periodic rule health checks, adjusting thresholds to maximize fidelity and minimize false positives.
- Collaborate with SOAR engineers to automate the enrichment, triage, and response actions that stem from SIEM alerts.
- Conduct hypothesis-driven and threat-intelligence-driven threat hunts to identify advanced attacker techniques not yet covered by automated detections.
- Generate clear, actionable metrics and trend reports for SOC leadership, highlighting alert volumes, rule efficacy, and tuning outcomes. Maintain detection KPIs to measure alert accuracy.
- Document all detection logic, tuning rationales, and operational procedures to support audit, compliance, and knowledge transfer.
- Provide technical consultation during incident investigations and post-incident retrospectives, identifying detection gaps and recommending improvements.
Skills:
- Strong understanding of MITRE ATT&CK and its practical application to detection engineering.
- Familiarity with cloud infrastructures (Azure, GCP, AWS) and the security logs they generate.
- Proficiency in scripting for automation (Python or PowerShell preferred).
- Working knowledge of common security controls and telemetry sources: firewalls, IDS/IPS, EDR, endpoint protection, cloud logs, etc.
- Relevant certifications (any of): SC-200 (Microsoft Sentinel), Google SecOps certification, CompTIA Security+, or a GCP / Azure / AWS foundational certification.
- Excellent written documentation skills and the ability to convey complex detection concepts to both technical and non-technical stakeholders.
Experience:
- Minimum 3 years of overall experience in cybersecurity operations or engineering.
- At least 1-2 years of hands-on experience building detections in one of the following SIEMs: Microsoft Sentinel (KQL) or Google SecOps (YARA-L).
Nice-to-Have:
- Experience integrating SOAR playbooks with SIEM alerts.
- Prior involvement in purple-team exercises or red-team simulations.
- Knowledge of additional query or signature languages (e.g., Sigma, Elastic Query DSL).
- Scripting knowledge (Python, PowerShell).
- Data analytics and reporting expertise in Microsoft Power BI, Tableau, or equivalents.