Role: Senior SOC Infrastructure & SIEM Engineer
Industry Type: IT Services & Consulting
Department: IT & Information Security
Employment Type: Full Time, Permanent
Role Category: IT Security
UG: B.C.A. in Cybersecurity, B.Tech / B.E. in Any Specialization
Senior SIEM and SOC Platform Engineer
Position Overview
Cyber Sigma is looking for a Senior SIEM and SOC Platform Engineer to design and build an enterprise-grade Security Information and Event Management and Security Operations platform.
The candidate will be responsible for security-data ingestion, normalization, enrichment, detection engineering, correlation, alerting, investigation, orchestration, case management, dashboards and platform operations.
The candidate should have the ability to create a product-oriented SIEM platform instead of only installing or administering an existing tool.
Key Responsibilities
SIEM Platform Architecture
- Design a scalable, multi-tenant SIEM architecture.
- Build log-collection, ingestion and processing pipelines.
- Develop secure agent and agentless data-collection mechanisms.
- Design hot, warm, cold and archive data-retention tiers.
- Implement high availability, fault tolerance and disaster recovery.
- Design secure tenant isolation and customer-specific workspaces.
- Establish role-based access for SOC analysts, customers and administrators.
- Develop platform-health, pipeline-health and data-quality monitoring.
- Optimize the platform for performance, storage and search efficiency.
Log Collection and Integration
Develop integrations and parsers for:
- Windows systems
- Linux systems
- Network devices
- Firewalls
- VPN systems
- Active Directory
- Identity and access-management platforms
- Endpoint-security products
- Cloud platforms
- Email-security systems
- Web applications
- Databases
- Containers and Kubernetes
- SaaS applications
- API gateways
- Vulnerability scanners
- Threat-intelligence feeds
- Custom business applications
Detection Engineering
- Create and maintain detection rules and correlation logic.
- Map detections to recognized attack techniques and tactics.
- Develop use cases for authentication, privilege abuse, lateral movement, malware, data exfiltration, cloud attacks and insider threats.
- Build behavioural baselines and anomaly-detection capabilities.
- Tune detection rules to reduce false positives.
- Establish detection testing and validation processes.
- Develop detection-as-code practices.
- Maintain use-case versioning and deployment pipelines.
- Measure coverage against threat scenarios.
- Develop organization-specific and industry-specific detection packs.
SOC Workflow Development
- Build alert-triage and investigation workflows.
- Develop incident and case-management functionality.
- Create analyst queues, severity models and escalation workflows.
- Develop automated playbooks and response workflows.
- Integrate threat intelligence, asset criticality and vulnerability data.
- Create investigation timelines and evidence records.
- Build SLA tracking and escalation mechanisms.
- Enable analyst collaboration and audit trails.
- Develop executive, SOC manager, analyst and customer dashboards.
Advanced Platform Capabilities
- Security analytics and behavioural analysis
- User and entity behaviour analytics
- Threat-intelligence management
- Automated enrichment
- Security orchestration and response
- Attack-path analysis
- Knowledge-graph-based investigation
- AI-assisted alert triage
- AI-assisted incident summarization
- Natural-language security search
- Predictive risk analysis
- Automated incident-report generation
- Continuous control monitoring
- Compliance-oriented log and evidence reporting
Required Technical Skills
- Linux system administration
- Windows security logging
- Network and security protocols
- Log-processing pipelines
- Search and analytics engines
- Message queues and streaming technologies
- Python, Go, Java or a comparable programming language
- Regular expressions and parser development
- SQL and NoSQL databases
- REST APIs and webhooks
- Containerization
- Kubernetes
- Cloud infrastructure
- Infrastructure as code
- Git and CI/CD
- Monitoring and observability
Security Knowledge
- SOC operations
- Incident response
- Threat hunting
- Detection engineering
- Malware and attack behaviour
- Network-security monitoring
- Cloud-security monitoring
- Endpoint telemetry
- Threat intelligence
- Digital forensics fundamentals
- Vulnerability management
- Identity-security monitoring
- Security automation
Required Qualifications
- Bachelors or MasterÆs degree in Computer Science, Cybersecurity, Engineering or a related discipline.
- Five to twelve years of experience in SIEM, SOC, detection engineering or security-platform development.
- Experience handling high-volume security data.
- Experience developing log parsers and correlation rules.
- Experience integrating multiple enterprise security products.
- Strong troubleshooting and performance-optimization skills.
- Ability to translate attack scenarios into monitoring and detection use cases.
Preferred Certifications
- CISSP
- GIAC certifications
- Certified SOC Analyst
- Cloud-security certification
- Kubernetes certification
- Vendor-neutral incident-response or threat-hunting certification
Key Performance Indicators
- Number and quality of completed data-source integrations.
- Event ingestion success rate.
- Parser accuracy and data-normalization quality.
- Mean time to detect.
- Mean time to acknowledge.
- Mean time to respond.
- False-positive reduction.
- Detection coverage.
- Platform availability.
- Query and dashboard performance.
- Number of automated investigation and response workflows.
- Customer onboarding time.
- Resolution time for ingestion and platform issues.
Practical Interview Assessment
Candidates may be asked to:
- Design a multi-tenant SIEM architecture.
- Create a parser for a sample log source.
- Write detection logic for an account-compromise scenario.
- Design an incident-triage workflow.
- Explain data-retention and storage-tiering strategy.
- Diagnose a high-volume ingestion-performance problem.
- Design a detection-testing and rule-tuning process.