CG-VAK Software & Exports Ltd. • Bengaluru, Karnataka, India
Role & seniority: Senior/Lead Detection Engineer (8+ years in Security Operations, Threat Hunting, or Detection Engineering)
SIEM/SOAR platforms (strong preference for Palo Alto Networks XSIAM/Cortex XSOAR)
API integrations, connectors, data ingestion, logging policies
Automation/Playbooks, SOAR workflows
scripting: Python, PowerShell
MITRE ATT&CK, cyber kill chain, threat intel, cloud (AWS/Azure/GCP)
SIEM AI/ML features for alerting and clustering
Design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models; translate threat intel into actionable content
Create and maintain automation playbooks; integrate SIEM with other tools; improve alerting and incident triage
Manage SIEM platform health, data ingestion, onboarding of new log sources, performance monitoring; collaborate with SOC, Threat Hunters, and IR; drive post-incident improvements
8+ years in security operations / threat hunting / detection engineering
Proven SIEM/SOAR content design and implementation (XSIAM/Cortex XSOAR preferred)
Strong scripting (Python, PowerShell); API/automation playbooks
Deep understanding of MITRE ATT&CK, cyber kill chain; security logging formats; Windows/Linux and cloud environments
Effective communication and problem-solving abilities
Key Skills For The Role Include
Detection engineering and content development: design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models within the SIEM.
Automation and efficiency: development and maintenance of SOAR/automation playbooks; SIEM integrations using APIs and connectors; application of built-in AI/ML capabilities within SIEM platforms to enhance detection and response.
Platform management and optimization: subject matter expert for the SIEM platform, overseeing data ingestion, logging policies, platform health, and overall operational stability; primary point of contact for onboarding, troubleshooting, and management of all log sources ingested into the SIEM.
Collaboration and continuous improvement: collaborate closely with SOC Analysts, Threat Hunters, and Incident Response teams, and contribute to post-incident reviews to identify gaps and drive continuous improvements.
Detection Engineering and Content Development
Design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models within the SIEM.
Translate threat intelligence, known vulnerabilities, and observed attack techniques (e.g., MITRE ATT&CK framework) into actionable detection content.
Continuously review and tune existing detection content to minimize false positives while maximizing coverage of emerging threats.
Ensure all detection content is mapped to relevant security controls and incident response playbooks.
Automation and Efficiency
Develop, implement, and maintain automation playbooks (using the SIEM's automation engine) to automate repetitive Level 1 incident triage tasks, data enrichment, and initial response actions.
Integrate the SIEM with other security tools and enterprise platforms via APIs and connectors to facilitate seamless data flow and automated response.
Explore and apply the SIEM's built-in AI/ML capabilities to improve alert prioritization, anomaly detection, and automated incident clustering.
Document automation logic, workflows, and effectiveness metrics.
Platform Management and Optimization
Act as a subject matter expert for the SIEM, including data ingestion, logging policies, and platform health.
Collaborate with Security Architecture and IT teams to onboard new data sources into the SIEM, ensuring proper normalization and parsing for detection use cases.
Monitor platform performance, troubleshoot content execution issues, and assist in maintaining the overall operational stability of the SIEM environment.
Collaboration and Improvement
Work closely with SOC Analysts, Threat Hunters, and Incident Responders to understand their needs and develop content that directly supports their operations.
Participate in post-incident review processes to identify detection and automation gaps and drive improvements.
Stay current with the latest cybersecurity trends, attack vectors, and SIEM features and updates.
Qualifications
Required Skills and Experience
8+ years of experience in Security Operations, Threat Hunting, or Detection Engineering.
Demonstrable expertise in designing and implementing detection content using a SIEM/SOAR platform (strong preference for Palo Alto Networks XSIAM/Cortex XSOAR experience).
Deep understanding of the cyber kill chain and MITRE ATT&CK framework.
Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data manipulation.
Strong knowledge of security logging formats, network protocols, operating systems (Windows, Linux), and cloud environments.
Experience with API integrations and developing automation playbooks (SOAR).
Excellent analytical, problem-solving, and communication skills.
Preferred Qualifications
Hands-on experience with Palo Alto Networks XSIAM, including content creation and automation development.
Relevant industry certifications (e.g., PCNSE, PCSAE, GCIH, GCFA, CISSP).
Experience with cloud security monitoring (AWS, Azure, GCP).
Familiarity with threat intelligence platforms and integrating intelligence feeds into detection logic.