
SOC Detection and Automation engineer

HCLSoftware

2 - 5 years

Bengaluru

Posted: 29/01/2026


Job Description

  • Exp: 3+ years
  • Location: Bangalore
  • send resumes to:


Job description:


SOC Detection and Automation engineer


We are seeking a highly skilled and motivated SOC Engineer to join our security operations team. This critical role will be responsible for enhancing our security posture by developing, implementing, and maintaining detection content within the SIEM. A key focus of this position will be leveraging our SIEM's automation and AI capabilities to streamline level 1 security incident triage and response, thereby increasing the efficiency and effectiveness of our Security Operations Center (SOC).

Responsibilities

Detection Engineering and Content Development

  • Design, develop, test, and deploy high-fidelity detection rules, correlational logic, and behavioral models within SIEM.
  • Translate threat intelligence, known vulnerabilities, and observed attack techniques (e.g., MITRE ATT&CK framework) into actionable detection content.
  • Continuously review and tune existing detection content to minimize false positives while maximizing coverage of emerging threats.
  • Ensure all detection content is mapped to relevant security controls and incident response playbooks.

Automation and Efficiency

  • Develop, implement, and maintain automation playbooks (using our SIEM's automation engine) to automate repetitive Level 1 incident triage tasks, data enrichment, and initial response actions.
  • Integrate SIEM with other security tools and enterprise platforms via APIs and connectors to facilitate seamless data flow and automated response.
  • Explore and apply the SIEM's built-in AI/ML capabilities to improve alert prioritization, anomaly detection, and automated incident clustering.
  • Document automation logic, workflows, and effectiveness metrics.

Platform Management and Optimization

  • Act as a subject matter expert for the SIEM, including data ingestion, logging policies, and platform health.
  • Collaborate with Security Architecture and IT teams to onboard new data sources into SIEM, ensuring proper normalization and parsing for detection use cases.
  • Monitor platform performance, troubleshoot content execution issues, and assist in maintaining the overall operational stability of the SIEM environment.


Collaboration and Improvement

  • Work closely with SOC Analysts, Threat Hunters, and Incident Responders to understand their needs and develop content that directly supports their operations.
  • Participate in post-incident review processes to identify detection and automation gaps and drive improvements.
  • Stay current with the latest cybersecurity trends, attack vectors, and SIEM features and updates.

Qualifications

Required Skills and Experience

  • 3+ years of experience in Security Operations, Threat Hunting, or Detection Engineering.
  • Demonstrable expertise in designing and implementing detection content using a SIEM/SOAR platform (strong preference for Palo Alto Networks XSIAM/Cortex XSOAR experience).
  • Deep understanding of the cyber kill chain and MITRE ATT&CK framework.
  • Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data manipulation.
  • Strong knowledge of security logging formats, network protocols, operating systems (Windows, Linux), and cloud environments.
  • Experience with API integrations and developing automation playbooks (SOAR).
  • Excellent analytical, problem-solving, and communication skills.

Preferred Qualifications

  • Hands-on experience with Palo Alto Networks XSIAM, including content creation and automation development.
  • Relevant industry certifications (e.g., PCNSE, PCSAE, GCIH, GCFA, CISSP).
  • Experience with cloud security monitoring (AWS, Azure, GCP).
  • Familiarity with threat intelligence platforms and integrating intelligence feeds into detection logic.
