SIEM Detection Engineer

Posted January 14, 2026
Full-time, Mid-Senior Level

Job Overview

Key Responsibilities:

  • Develop, maintain, and continuously improve SIEM detection rules
  • Design detections based on:
    • MITRE ATT&CK techniques
    • Threat intelligence and real incident learnings
  • Support onboarding and improvement of log sources in SIEM platforms
  • Analyze systems and applications to understand what should be logged and how it supports detection
  • Improve log quality, parsing, enrichment, and overall data consistency
  • Tune detections to reduce false positives and improve alert quality
  • Validate detections
  • Create and maintain:
    • Detection documentation and use-case descriptions
    • Dashboards and visualizations for SOC operations
    • Alert context and investigation guidance for analysts
  • Monitor detection effectiveness using metrics such as alert quality, coverage, and MTTD
  • Automate repetitive tasks and improve detection workflows (Python or similar)
  • Collaborate with team members, share knowledge, and support continuous improvement
  • Stay up to date with emerging threats and detection techniques