Posted on: 11/07/2025
Role : SecOps Developer
Experience : 4 to 6 Years
Location : PAN India (Remote/Hybrid/Onsite as needed)
Job Type : Full-time / Contract
Notice Period : Immediate to 30 days preferred
Role Summary :
- Develop automation scripts, integrations, and APIs for security tools (SIEM, SOAR, threat intel platforms).
- Build and maintain playbooks for incident response and SOAR workflows.
- Implement and optimize security use-cases, rules, alerts, and dashboards in SIEM tools (e.g., Splunk, QRadar, Sentinel).
- Support integration of security monitoring tools with ticketing systems (e.g., ServiceNow, JIRA).
- Collaborate with DevOps/Cloud teams to integrate security checks into CI/CD pipelines.
- Maintain code repositories for security automation (Git, GitHub Actions, Jenkins).
- Develop and document runbooks, scripts, and response automation logic.
- Continuously enhance and support the threat detection and incident response automation capabilities.
Technical Skills Required :
- 4 to 6 years of experience in SecOps, cybersecurity, or security automation roles.
- Proficient in scripting languages : Python (mandatory), PowerShell, Bash.
- Hands-on experience with :
  - SIEM tools (Splunk, QRadar, Elastic Stack, or Microsoft Sentinel)
  - SOAR platforms (Phantom, XSOAR, Tines, or others)
- Familiarity with :
  - REST APIs and JSON-based data handling
  - Log parsing, correlation, and normalization techniques
  - MITRE ATT&CK framework and security detection logic
- Knowledge of cloud platforms (AWS, Azure, or GCP) and cloud-native security tools.
- Basic understanding of DevSecOps tools like Snyk, Checkov, or Aqua Security.
Preferred Certifications (Nice to Have) :
- CompTIA Security+
- Microsoft SC-200 : Security Operations Analyst Associate
- Splunk Certified User / Admin
- Certified SOC Analyst (CSA)
- Any SOAR platform certification
Soft Skills :
- Strong problem-solving and debugging skills
- Excellent written and verbal communication
- Detail-oriented and capable of writing clean, well-documented code
- Ability to work in agile and fast-paced environments
- Willingness to learn new tools and technologies on the job
Nice to Have :
- Experience with Infrastructure-as-Code (IaC) and policy-as-code for security automation (e.g., Terraform, Ansible)
- Understanding of SIEM data onboarding
- Exposure to vulnerability management tools (e.g., Qualys, Nessus)
Posted in : CyberSecurity
Functional Area : IT Security
Job Code : 1511620