SI
Lead Security Engineer (SIEM)
Accepting applicationsStaples India · Chennai, Tamil Nadu, India
Full-Time Mid_senior MentorSOC
Estimated market salary
₹31-56 LPA
This is a SiliconBoard market estimate, not an employer-posted salary.
Posted
5d ago
Category
Design
Experience
Mid_senior
Country
India
Duties & Responsibilities
Architect and optimize SIEM platforms (e.g., Microsoft Sentinel, Splunk), including ingestion pipelines, parsing/normalization, enrichment, and correlation logic.
Engineer and operate Cribl Stream and Cribl Edge for log routing, filtering, transformation, enrichment, data reduction, and destination fanout (SIEM, data lake, cold storage).
Design and maintain telemetry onboarding with schema mapping, collectors/agents, connectors, API integrations, replay, and edge collection for diverse sources (endpoint, network, cloud, identity, app).
Develop advanced detections and analytics (rules, queries, correlations) aligned to MITRE ATT&CK, emerging TTPs, and threat intelligence; measure detection efficacy and coverage.
Lead systematic alert tuning to reduce false positives and improve signaltonoise, leveraging Cribl pipelines and SIEM analytics to standardize high-fidelity events.
Build investigation assets (dashboards, hunting queries, data models) that accelerate SOC workflows and rootcause analysis across telemetry domains.
Monitor ingestion health and cost (EPS/GB/day, license utilization), implement Criblbased data controls (sampling, routing, suppression) to ensure reliability and budget adherence.
Perform RCA on detection gaps and pipeline failures; implement durable fixes in Cribl routes/pipelines and SIEM parsing/enrichment layers.
Mentor engineers and analysts on KQL/SPL, detection engineering patterns, Cribl pipeline design, and telemetry best practices; conduct peer reviews and standards governance.
Maintain documentation: data dictionaries, detection catalogs, Cribl pipeline/runbooks, ingestion maps, and metrics reporting on coverage, fidelity, MTTR, and pipeline SLOs.
Requirements
Basic Qualifications
Solid understanding of network protocols, data protection mechanisms, and threat landscapes
Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, etc.
Preferred Qualifications
Industry-recognized certifications (e.g., CISSP, CISM, CEH)
Master’s degree in Cybersecurity or a related field
Show more Show less
Architect and optimize SIEM platforms (e.g., Microsoft Sentinel, Splunk), including ingestion pipelines, parsing/normalization, enrichment, and correlation logic.
Engineer and operate Cribl Stream and Cribl Edge for log routing, filtering, transformation, enrichment, data reduction, and destination fanout (SIEM, data lake, cold storage).
Design and maintain telemetry onboarding with schema mapping, collectors/agents, connectors, API integrations, replay, and edge collection for diverse sources (endpoint, network, cloud, identity, app).
Develop advanced detections and analytics (rules, queries, correlations) aligned to MITRE ATT&CK, emerging TTPs, and threat intelligence; measure detection efficacy and coverage.
Lead systematic alert tuning to reduce false positives and improve signaltonoise, leveraging Cribl pipelines and SIEM analytics to standardize high-fidelity events.
Build investigation assets (dashboards, hunting queries, data models) that accelerate SOC workflows and rootcause analysis across telemetry domains.
Monitor ingestion health and cost (EPS/GB/day, license utilization), implement Criblbased data controls (sampling, routing, suppression) to ensure reliability and budget adherence.
Perform RCA on detection gaps and pipeline failures; implement durable fixes in Cribl routes/pipelines and SIEM parsing/enrichment layers.
Mentor engineers and analysts on KQL/SPL, detection engineering patterns, Cribl pipeline design, and telemetry best practices; conduct peer reviews and standards governance.
Maintain documentation: data dictionaries, detection catalogs, Cribl pipeline/runbooks, ingestion maps, and metrics reporting on coverage, fidelity, MTTR, and pipeline SLOs.
Requirements
Basic Qualifications
Solid understanding of network protocols, data protection mechanisms, and threat landscapes
Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, etc.
Preferred Qualifications
Industry-recognized certifications (e.g., CISSP, CISM, CEH)
Master’s degree in Cybersecurity or a related field
Show more Show less