hirist

Principal Content Developer - SIEM Platform

HyreSnap
Remote
7 - 15 Years
Rating: 4.5 (16+ reviews)

Posted on: 16/07/2025

Job Description

Key Responsibilities:

- Architect, develop, and optimize detection content across SIEM platforms such as Microsoft Sentinel, Splunk, and Google Chronicle.

- Normalize and structure diverse log sources using schemas like Splunk CIM, Microsoft Sentinel, OCSF, and Chronicle UDM to ensure consistent detection across the board.

- Collaborate with teams including Threat Labs and Data Engineering to improve parsing, data transformation, and use case configurations.

- Perform end-to-end development, customization, and onboarding of supported and custom data sources (EDR, firewall, antivirus, proxies, OS, databases).

- Repair events with missing or incorrect data, create parser extensions, and manage flow logic for log ingestion pipelines.

- Conduct log source analysis and maintain robust documentation of data structures, parsing rules, and detection logic.

- Build and maintain monitoring reports to ensure data pipeline availability and proactively identify performance issues or gaps in data coverage.

- Continuously evaluate and refine detection content and parsing logic for high fidelity and low false-positive rates.

Required Qualifications:

- 7+ years of experience in security engineering, detection content development, or SIEM management.

- Strong hands-on experience with SIEM platforms, particularly Microsoft Sentinel, Splunk, and Chronicle.

- Expertise with multiple data models including Splunk CIM, Sentinel schemas, Chronicle UDM, and OCSF.

- Experience working with diverse log sources (e.g., EDRs, firewalls, antivirus, proxies, databases, OS logs).

- Skilled in event parsing, field extraction, normalization, and enrichment for log data.

- Familiarity with scripting/query languages such as KQL, SPL, and UDM search syntax.

- Strong understanding of SOC operations, detection engineering workflows, and threat modeling frameworks (MITRE ATT&CK, etc.).

Preferred Qualifications:

- Experience working with cloud-native and hybrid security architectures.

- Familiarity with data transformation tools and stream processing pipelines.

- Previous collaboration with threat research or threat intelligence teams.

- Security certifications such as GCIA, GCTI, or similar are a plus.
