SIEM Detection Engineer - Cumulus Systems Pvt. Ltd.

Hitachi


Job Location:

Delhi - India

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Location:

Pune Maharashtra India

Job ID:

R0102771

Date Posted:

Company Name:

HITACHI INDIA PVT. LTD

Profession (Job Category):

Other

Job Schedule:

Full time

Remote:

No

Job Description:

Job Title: SIEM Detection Engineer

Designation: Engineer

Company: Cumulus Systems Pvt. Ltd.

Location: Pune, India

Salary: As per Industry

Company Overview:

Cumulus Systems provides end-to-end software development lifecycle services, covering business and requirements analysis, solution architecture and design, development, testing, deployment, and post-production support. Its cross-domain storage performance management platform, MARS (Measure, Analyze, Recommend, Solve), monitors and helps manage large-scale heterogeneous IT infrastructure across the entire enterprise.

Position Overview:

As an L2 Detection Specialist you will design, test and maintain high-fidelity detection content in one of the following SIEM platforms: Microsoft Sentinel (KQL) or Google Security Operations (YARA-L). Partnering closely with SOAR engineers, SOC analysts and solutions engineers, you will perform proactive threat hunting, fine-tune alert logic and ensure our global SOC can rapidly identify and respond to emerging threats.

Job Roles & Responsibilities:

  • Design, build and maintain detection rules, correlation searches, dashboards and reports in one or more of the specified SIEM platforms.

  • Continuously validate and tune detection logic using simulations, red-team findings, SOC false positives and live incident feedback.

  • Analyze log and telemetry data to uncover suspicious behaviors, patterns and indicators of compromise; develop new signatures accordingly.

  • Integrate external threat-intelligence feeds (IoCs and TTPs) to enrich alerts and broaden detection coverage.

  • Leverage MITRE ATT&CK and other frameworks to guide prioritization and detection development methodology.

  • Perform periodic rule health checks, adjusting thresholds to maximize fidelity and minimize false positives.

  • Collaborate with SOAR engineers to automate enrichment, triage and response actions that stem from SIEM alerts.

  • Conduct hypothesis- and threat-intelligence-driven threat hunts to identify advanced attacker techniques not yet covered by automated detections.

  • Generate clear, actionable metrics and trend reports for SOC leadership, highlighting alert volumes, rule efficacy and tuning outcomes. Maintain detection KPIs to measure alert accuracy.

  • Document all detection logic, tuning rationales and operational procedures to support audit compliance and knowledge transfer.

  • Provide technical consultation during incident investigations and post-incident retrospectives, identifying detection gaps and recommending improvements.

Skills:

  • Strong understanding of MITRE ATT&CK and its practical application to detection engineering.

  • Familiarity with cloud infrastructures (Azure, GCP, AWS) and the security logs they generate.

  • Proficiency in scripting for automation (Python or PowerShell preferred).

  • Working knowledge of common security controls and telemetry sources: firewalls, IDS/IPS, EDR, endpoint protection, cloud logs, etc.

  • Relevant certifications (any of): Admin SC-200 (Microsoft Sentinel), Google SecOps Certified, CompTIA Security, GCP / Azure / AWS Foundational.

  • Excellent written documentation skills and the ability to convey complex detection concepts to both technical and non-technical stakeholders.

Experience: Minimum 3 years overall experience in cybersecurity operations or engineering.

At least 12 years hands-on experience building detections in one of the following SIEMs: Microsoft Sentinel (KQL) or Google SecOps (YARA-L).

Nice-to-Have

  • Experience integrating SOAR playbooks with SIEM alerts.

  • Prior involvement in purple-team exercises or red-team simulations.

  • Knowledge of additional query or signature languages (e.g. Sigma, Elastic Query DSL).

  • Scripting knowledge (Python, PowerShell).

  • Data analytics and reporting expertise in Microsoft Power BI, Tableau or equivalents.



About Company


Discover how Hitachi Rail is connecting the future of mobility through integrated rail solutions, across rolling stock, signalling, digital technology and more.
