to design, implement, and optimize security use cases across multiple leading SIEM platforms. The ideal candidate will have hands-on expertise in use case development and be able to translate threat intelligence and business risk into actionable detection rules.
Key Responsibilities
------------------------
Design, develop, test, and deploy detection use cases (correlation rules, alerts, dashboards, and reports) in SIEM environments.
Perform use case tuning and optimization to reduce false positives while maintaining high detection efficacy.
Collaborate with threat intelligence, incident response, and security architecture teams to align use cases with MITRE ATT&CK, organizational risk, and compliance requirements.
Conduct use case validation workshops and document logic, data sources, and expected outcomes.
Integrate log sources (endpoint, network, cloud, identity) into SIEM platforms and normalize data using CIM or equivalent models.
Maintain use case inventory, versioning, and lifecycle management.
Required Qualifications
---------------------------
3+ years of hands-on experience in SIEM use case development.
Proficiency in at least 2 of the following platforms (with demonstrable use case examples):
    IBM QRadar (AQL, custom rules, offense tuning)
    Splunk (SPL, ES Content Development, CIM normalization)
    Elastic SIEM (EQL, detection rules, ECS mapping)
    Google Security Operations (SecOps) (formerly Chronicle; YARA-L, rule authoring, entity graphs)
Strong understanding of log parsing, regex, and data normalization.
Experience with threat hunting and translating IOCs into detection logic.
Familiarity with MITRE ATT&CK, kill chain methodologies, and risk-based prioritization.
Scripting skills (Python, Bash, or PowerShell) for automation and custom integrations.
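The qualifications above (regex log parsing, normalization to a common field model, translating IOCs into detection logic, and tuning a use case to cut false positives) fit together in a single small pipeline. The following is an added illustration written for this page, not code from the posting or from any of the named SIEM vendors: it is a platform-independent Python sketch of what a QRadar, Splunk, Elastic or SecOps rule would express in its own language. All log lines, indicator IPs, the allowlisted scanner address, the threshold and the time window are constructed assumptions for the example.

```python
"""Added example: a miniature SIEM detection use case in plain Python.
Shows regex parsing of two raw log formats, normalization onto CIM-style
field names, an IOC-match rule, a windowed brute-force correlation rule,
and an allowlist tuning exception. All data below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Raw formats (constructed): an sshd syslog line and a firewall key=value line.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>[\d.]+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:]+)Z fw action=(?P<action>\w+) "
    r"src=(?P<src_ip>[\d.]+) dst=(?P<dest_ip>[\d.]+) dport=(?P<dest_port>\d+)"
)
YEAR = 2024  # syslog timestamps carry no year; assumed for the example

IOC_IPS = {"203.0.113.7"}      # constructed threat-intel indicator list
ALLOWLIST = {"10.0.0.5"}       # constructed tuning exception: authorised scanner
FAIL_THRESHOLD = 5             # failed logins needed before a success is suspicious
WINDOW = timedelta(minutes=10)  # correlation window for the brute-force rule


def normalise(line):
    """Map one raw line onto CIM-style fields; return None for unknown formats."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"_time": ts, "sourcetype": "sshd", "user": m["user"],
                "src_ip": m["src_ip"],
                "action": "failure" if m["result"] == "Failed" else "success"}
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        return {"_time": ts, "sourcetype": "fw", "src_ip": m["src_ip"],
                "dest_ip": m["dest_ip"], "dest_port": int(m["dest_port"]),
                "action": m["action"]}
    return None


def run_detections(lines, allowlist=ALLOWLIST):
    """Return a de-duplicated list of (rule_name, src_ip) alerts."""
    events = [e for e in (normalise(l) for l in lines) if e]
    alerts = []

    # Use case 1: any event whose source matches a threat-intel indicator.
    for e in events:
        hit = ("ioc_match", e["src_ip"])
        if e["src_ip"] in IOC_IPS and hit not in alerts:
            alerts.append(hit)

    # Use case 2: >= FAIL_THRESHOLD failed sshd logins from one source inside
    # WINDOW, followed by a success from the same source. Requiring the success
    # is itself a tuning choice: failures alone are noisy on an exposed bastion.
    fails = defaultdict(list)
    for e in sorted(events, key=lambda x: x["_time"]):
        if e["sourcetype"] != "sshd" or e["src_ip"] in allowlist:
            continue  # allowlisted sources are the explicit tuning exception
        if e["action"] == "failure":
            fails[e["src_ip"]].append(e["_time"])
        else:
            recent = [t for t in fails[e["src_ip"]] if e["_time"] - t <= WINDOW]
            hit = ("bruteforce_success", e["src_ip"])
            if len(recent) >= FAIL_THRESHOLD and hit not in alerts:
                alerts.append(hit)
    return alerts


# Constructed sample logs: an authorised scanner (allowlisted), a real
# brute-force that succeeds, one user typo, an IOC hit, and an unparsable line.
SAMPLE_LOGS = (
    [f"Mar 14 09:50:{s:02d} bastion sshd[20{s}]: Failed password for invalid user "
     f"admin from 10.0.0.5 port 4000{s} ssh2" for s in range(1, 6)]
    + ["Mar 14 09:51:00 bastion sshd[2007]: Accepted password for svc_scan "
       "from 10.0.0.5 port 40007 ssh2"]
    + [f"Mar 14 10:00:{s:02d} bastion sshd[21{s:02d}]: Failed password for root "
       f"from 198.51.100.9 port 510{s:02d} ssh2" for s in (1, 5, 9, 13, 17)]
    + ["Mar 14 10:04:30 bastion sshd[2107]: Accepted password for root "
       "from 198.51.100.9 port 51010 ssh2",
       "Mar 14 10:06:00 bastion sshd[2201]: Failed password for alice "
       "from 192.0.2.44 port 52000 ssh2",
       "Mar 14 10:06:20 bastion sshd[2202]: Accepted password for alice "
       "from 192.0.2.44 port 52001 ssh2",
       "2024-03-14T10:05:00Z fw action=allow src=203.0.113.7 dst=10.0.0.20 dport=443",
       "this line is not in any known format"]
)

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOGS):
        print(alert)
```

Running the block with the default allowlist yields two alerts (the IOC hit and the 198.51.100.9 brute force); calling `run_detections(SAMPLE_LOGS, allowlist=set())` adds a third for the scanner at 10.0.0.5, which is exactly the false positive the tuning exception is there to remove. In a real SIEM the same logic lives in AQL, SPL, EQL or YARA-L, and the allowlist would be a lookup or reference set rather than a hard-coded constant.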
MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.