hirist

SIEM Engineer/Subject Matter Expert - Threat Detection

Hiret Consulting
Bangalore
5 - 8 Years

Posted on: 03/12/2025

Job Description

We are looking for a highly skilled SME SIEM Engineer with strong hands-on experience in designing, developing, and optimizing security content across SIEM platforms such as Google Chronicle, Sumo Logic, and Splunk. The ideal candidate will be responsible for building threat detections, integrating log sources, enhancing incident response workflows, and improving the overall effectiveness of the Security Operations environment.


Key Responsibilities :

- Develop, implement, and fine-tune security detection content on SIEM platforms including Google Chronicle, Sumo Logic, and Splunk.

- Configure and optimize SIEM use cases: correlation rules, event grouping, multi-condition (logical) rules, and event-sequence patterns.

- Build detections aligned with MITRE ATT&CK techniques and SIGMA-based rule sets.

- Onboard and integrate new log sources such as Proxy, VPN, Firewall, DLP, Cloud logs, and endpoint security tools.

- Validate and normalize logs to ensure complete and accurate ingestion into SIEM.

- Maintain and enhance integrations with threat intelligence feeds.

- Draft, test, and deploy YARA rules and Chronicle Backstory detections.

- Develop and maintain CrowdStrike detection rules where required.

- Identify visibility gaps and propose new controls or content improvements.

- Perform data analysis to identify anomalous behavior and emerging threats.

- Create, update, and maintain Incident Response Guides (IRGs) for various threat scenarios.

- Work closely with SOC analysts to refine detection logic and reduce false positives.

- Provide SME-level support for escalated investigations, detection tuning, and forensic analysis.

- Contribute to the improvement of existing SIEM processes, detection frameworks, and engineering workflows.

- Define standard operating procedures (SOPs), playbooks, and documentation for new and updated use cases.

- Ensure alignment with best practices, compliance standards, and organizational security policies.

Required Technical Skills :

- Google Chronicle

- Sumo Logic

- Splunk

- (Optional) ELK Stack

- Experience with rule creation and detection engineering, including :

- YARA

- Chronicle Backstory rules

- SIGMA rules

- Experience developing detections across multiple datasets such as :

- Firewall, Proxy, VPN, DLP logs

- Endpoint security (CrowdStrike preferred)

- Familiarity with the MITRE ATT&CK Framework, threat modeling, and adversary behavior detection.

- Knowledge of log management, event correlation, and security analytics.

- Strong understanding of Security Operations, incident response workflows, and detection lifecycle.

- Experience with CrowdStrike rules, ELK Stack, or Chronicle specialized features.

- Knowledge of Python, Regex, or scripting languages for automation.

- Experience with threat intelligence sources and enrichment processes.

- Background in SOC operations or cyber threat detection roles.

Soft Skills :

- Strong analytical and problem-solving capabilities.

- Ability to work collaboratively with SOC, incident response, and engineering teams.

- Excellent communication and documentation skills.

- Ability to independently manage tasks and drive improvements.

