Senior SOC Infrastructure & SIEM Engineer
Apply Now
Home Jobs Cybersigma Consulting Services Llp Senior SOC Infrastructure & SIEM Engineer

Senior SOC Infrastructure & SIEM Engineer

Date Posted
14 July 2026
Location
Noida
Positions
1
Views
1
Employment Information
Open Positions
1
Location
Noida
Address
Noida
Experience
3 Years
Functional Area
Design
Job Description

Role: Senior SOC Infrastructure & SIEM Engineer

Industry Type: IT Services & Consulting

Department: IT & Information Security

Employment Type: Full Time, Permanent

Role Category: IT Security

UG: B.C.A. in Cybersecurity, B.Tech / B.E. in Any Specialization

Senior SIEM and SOC Platform Engineer

Position Overview

Cyber Sigma is looking for a Senior SIEM and SOC Platform Engineer to design and build an enterprise-grade Security Information and Event Management and Security Operations platform.

The candidate will be responsible for security-data ingestion, normalization, enrichment, detection engineering, correlation, alerting, investigation, orchestration, case management, dashboards and platform operations.

The candidate should have the ability to create a product-oriented SIEM platform instead of only installing or administering an existing tool.

Key Responsibilities

SIEM Platform Architecture

  • Design a scalable, multi-tenant SIEM architecture.
  • Build log-collection, ingestion and processing pipelines.
  • Develop secure agent and agentless data-collection mechanisms.
  • Design hot, warm, cold and archive data-retention tiers.
  • Implement high availability, fault tolerance and disaster recovery.
  • Design secure tenant isolation and customer-specific workspaces.
  • Establish role-based access for SOC analysts, customers and administrators.
  • Develop platform-health, pipeline-health and data-quality monitoring.
  • Optimize the platform for performance, storage and search efficiency.

Log Collection and Integration

Develop integrations and parsers for:

  • Windows systems
  • Linux systems
  • Network devices
  • Firewalls
  • VPN systems
  • Active Directory
  • Identity and access-management platforms
  • Endpoint-security products
  • Cloud platforms
  • Email-security systems
  • Web applications
  • Databases
  • Containers and Kubernetes
  • SaaS applications
  • API gateways
  • Vulnerability scanners
  • Threat-intelligence feeds
  • Custom business applications

Detection Engineering

  • Create and maintain detection rules and correlation logic.
  • Map detections to recognized attack techniques and tactics.
  • Develop use cases for authentication, privilege abuse, lateral movement, malware, data exfiltration, cloud attacks and insider threats.
  • Build behavioural baselines and anomaly-detection capabilities.
  • Tune detection rules to reduce false positives.
  • Establish detection testing and validation processes.
  • Develop detection-as-code practices.
  • Maintain use-case versioning and deployment pipelines.
  • Measure coverage against threat scenarios.
  • Develop organization-specific and industry-specific detection packs.

SOC Workflow Development

  • Build alert-triage and investigation workflows.
  • Develop incident and case-management functionality.
  • Create analyst queues, severity models and escalation workflows.
  • Develop automated playbooks and response workflows.
  • Integrate threat intelligence, asset criticality and vulnerability data.
  • Create investigation timelines and evidence records.
  • Build SLA tracking and escalation mechanisms.
  • Enable analyst collaboration and audit trails.
  • Develop executive, SOC manager, analyst and customer dashboards.

Advanced Platform Capabilities

  • Security analytics and behavioural analysis
  • User and entity behaviour analytics
  • Threat-intelligence management
  • Automated enrichment
  • Security orchestration and response
  • Attack-path analysis
  • Knowledge-graph-based investigation
  • AI-assisted alert triage
  • AI-assisted incident summarization
  • Natural-language security search
  • Predictive risk analysis
  • Automated incident-report generation
  • Continuous control monitoring
  • Compliance-oriented log and evidence reporting

Required Technical Skills

  • Linux system administration
  • Windows security logging
  • Network and security protocols
  • Log-processing pipelines
  • Search and analytics engines
  • Message queues and streaming technologies
  • Python, Go, Java or a comparable programming language
  • Regular expressions and parser development
  • SQL and NoSQL databases
  • REST APIs and webhooks
  • Containerization
  • Kubernetes
  • Cloud infrastructure
  • Infrastructure as code
  • Git and CI/CD
  • Monitoring and observability

Security Knowledge

  • SOC operations
  • Incident response
  • Threat hunting
  • Detection engineering
  • Malware and attack behaviour
  • Network-security monitoring
  • Cloud-security monitoring
  • Endpoint telemetry
  • Threat intelligence
  • Digital forensics fundamentals
  • Vulnerability management
  • Identity-security monitoring
  • Security automation

Required Qualifications

  • Bachelors or MasterÆs degree in Computer Science, Cybersecurity, Engineering or a related discipline.
  • Five to twelve years of experience in SIEM, SOC, detection engineering or security-platform development.
  • Experience handling high-volume security data.
  • Experience developing log parsers and correlation rules.
  • Experience integrating multiple enterprise security products.
  • Strong troubleshooting and performance-optimization skills.
  • Ability to translate attack scenarios into monitoring and detection use cases.

Preferred Certifications

  • CISSP
  • GIAC certifications
  • Certified SOC Analyst
  • Cloud-security certification
  • Kubernetes certification
  • Vendor-neutral incident-response or threat-hunting certification

Key Performance Indicators

  • Number and quality of completed data-source integrations.
  • Event ingestion success rate.
  • Parser accuracy and data-normalization quality.
  • Mean time to detect.
  • Mean time to acknowledge.
  • Mean time to respond.
  • False-positive reduction.
  • Detection coverage.
  • Platform availability.
  • Query and dashboard performance.
  • Number of automated investigation and response workflows.
  • Customer onboarding time.
  • Resolution time for ingestion and platform issues.

Practical Interview Assessment

Candidates may be asked to:

  1. Design a multi-tenant SIEM architecture.
  2. Create a parser for a sample log source.
  3. Write detection logic for an account-compromise scenario.
  4. Design an incident-triage workflow.
  5. Explain data-retention and storage-tiering strategy.
  6. Diagnose a high-volume ingestion-performance problem.
  7. Design a detection-testing and rule-tuning process.

Share this job: