SOC Detection and Automation engineer
HCLSoftware
2 - 5 years
Bengaluru
Posted: 29/01/2026
Job Description
- Exp: 3+years
- Location: Bangalore
- send resumes to:
Job description:
SOC Detection and Automation engineer
We are seeking a highly skilled and motivated SOC Engineer to join our security operations team. This critical role will be responsible for enhancing our security posture by developing, implementing, and maintaining detection content within the SIEM. A key focus of this position will be leveraging our SIEM's automation and AI capabilities to streamline Level 1 security incident triage and response, thereby increasing the efficiency and effectiveness of our Security Operations Center (SOC).
Responsibilities
Detection Engineering and Content Development
Design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models within the SIEM.
Translate threat intelligence, known vulnerabilities, and observed attack techniques (e.g., MITRE ATT&CK framework) into actionable detection content.
Continuously review and tune existing detection content to minimize false positives while maximizing coverage of emerging threats.
Ensure all detection content is mapped to relevant security controls and incident response playbooks.
Automation and Efficiency
Develop, implement, and maintain automation playbooks (using our SIEM's automation engine) to automate repetitive Level 1 incident triage tasks, data enrichment, and initial response actions.
Integrate the SIEM with other security tools and enterprise platforms via APIs and connectors to facilitate seamless data flow and automated response.
Explore and apply the SIEM's built-in AI/ML capabilities to improve alert prioritization, anomaly detection, and automated incident clustering.
Document automation logic, workflows, and effectiveness metrics.
Platform Management and Optimization
Act as a subject matter expert for the SIEM, including data ingestion, logging policies, and platform health.
Collaborate with Security Architecture and IT teams to onboard new data sources into the SIEM, ensuring proper normalization and parsing for detection use cases.
Monitor platform performance, troubleshoot content execution issues, and assist in maintaining the overall operational stability of the SIEM environment.
Collaboration and Improvement
Work closely with SOC Analysts, Threat Hunters, and Incident Responders to understand their needs and develop content that directly supports their operations.
Participate in post-incident review processes to identify detection and automation gaps and drive improvements.
Stay current with the latest cybersecurity trends, attack vectors, and SIEM features and updates.
Qualifications
Required Skills and Experience
3+ years of experience in Security Operations, Threat Hunting, or Detection Engineering.
Demonstrable expertise in designing and implementing detection content using a SIEM/SOAR platform (strong preference for Palo Alto Networks XSIAM/Cortex XSOAR experience).
Deep understanding of the cyber kill chain and MITRE ATT&CK framework.
Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data manipulation.
Strong knowledge of security logging formats, network protocols, operating systems (Windows, Linux), and cloud environments.
Experience with API integrations and developing automation playbooks (SOAR).
Excellent analytical, problem-solving, and communication skills.
Preferred Qualifications
Hands-on experience with Palo Alto Networks XSIAM, including content creation and automation development.
Relevant industry certifications (e.g., PCNSE, PCSAE, GCIH, GCFA, CISSP).
Experience with cloud security monitoring (AWS, Azure, GCP).
Familiarity with threat intelligence platforms and integrating intelligence feeds into detection logic.