Cloudesign Technology

Threat Detection Engineer - SIEM

Job Location

Bangalore, India

Job Description

Job Title: Threat Detection Engineer
Company: Cloudesign Technology Solutions (CTS)
Location: Bangalore, India
Notice Period: Immediate
Experience: 5 Years

About Cloudesign Technology Solutions (CTS)

Cloudesign Technology Solutions (CTS) is an innovative IT consulting and services company specializing in digital transformation. With development centers in Mumbai (HQ) and Bangalore, CTS provides custom software engineering, AI & ML, blockchain, cloud, robotic process automation, IoT, security, and testing solutions. Partnering with industry giants such as Google, Microsoft, AWS, SAP, and Salesforce, CTS delivers domain-centric solutions across sectors like logistics, retail, banking, healthcare, and more, enhancing business efficiency and customer experiences.

About the Job

Cloudesign Technology Solutions is seeking a highly skilled and experienced Threat Detection Engineer to join our dynamic security team in Bangalore. In this critical role, you will be responsible for optimizing and enhancing the performance of our Security Information and Event Management (SIEM) system, with a primary focus on Microsoft Sentinel. Your key objective will be to minimize unnecessary traffic and noise within the SIEM while significantly improving the accuracy of threat detection through the strategic creation and meticulous fine-tuning of detection rules.

As a Threat Detection Engineer, you will be instrumental in managing and streamlining the entire data lifecycle within Microsoft Sentinel, from initial collection to in-depth analysis. You will act as a central figure in ensuring our SIEM effectively aggregates, processes, and manages security-relevant data from a diverse range of endpoints, including servers, workstations, and network devices.

Your expertise will directly contribute to strengthening our organization's security posture and incident response:

- Detection Rule Management: Design, develop, implement, and continuously refine custom detection rules within Microsoft Sentinel to identify potential security threats and anomalies specific to our network infrastructure, industry best practices, and the evolving security landscape.
- Rule Optimization and Tuning: Analyze existing detection rules to identify areas for improvement, eliminate false positives and negatives, and optimize their performance to reduce alert fatigue and enhance the signal-to-noise ratio within the SIEM.
- Stakeholder Collaboration: Work closely with security analysts, incident responders, and other relevant stakeholders to understand their requirements, gather feedback on SIEM effectiveness, and collaboratively develop strategies to improve overall threat detection capabilities.
- SIEM Efficiency Enhancement: Proactively identify and implement strategies to improve the overall efficiency and performance of the Microsoft Sentinel platform, ensuring optimal data processing and analysis.
- Custom and Built-in Rule Utilization: Leverage the out-of-the-box detection rules provided by Microsoft Sentinel and develop custom rules tailored to the organization's unique security needs and risk profile.
- Data Ingestion Management: Oversee and manage the data ingestion process from various security and operational sources into Microsoft Sentinel, ensuring data integrity, proper parsing, and efficient storage for effective threat analysis.
- Endpoint and Asset Integration: Possess a strong understanding of integrating data from diverse endpoints (servers, workstations, cloud resources) and network devices into the SIEM platform.
- Security Monitoring Best Practices: Apply a deep understanding of security monitoring principles, threat detection methodologies, and incident response workflows to inform the development and optimization of detection rules.
- Documentation and Reporting: Maintain comprehensive documentation of detection rules, optimization processes, and any changes made to the SIEM configuration. Generate reports on SIEM performance and threat detection effectiveness as required.
- Continuous Learning: Stay up to date with the latest security threats, vulnerabilities, and advancements in SIEM technologies, particularly within the Microsoft Sentinel ecosystem.

Required Skills

- SIEM Expertise: Proven expertise in working with Microsoft Sentinel or other leading SIEM platforms (e.g., Splunk, QRadar).
- Rule Engineering: Strong and demonstrable experience in the entire lifecycle of detection rule creation, fine-tuning, and optimization techniques to significantly improve threat detection accuracy and reduce false positives.
- Data Ingestion Proficiency: In-depth knowledge and practical experience in managing data ingestion processes from a wide variety of security and operational data sources.
- Endpoint and Asset Knowledge: Comprehensive understanding of data originating from various endpoints, including servers, workstations, network devices, cloud environments, and security tools.
- Security Monitoring Acumen: Solid understanding of security monitoring principles, threat detection strategies, incident response methodologies, and common attack vectors.
- Excellent analytical and problem-solving skills with a strong attention to detail.
- Strong communication and collaboration skills to effectively interact with technical and non-technical stakeholders.
- Ability to work independently and manage multiple tasks effectively in a fast-paced environment.

(ref: hirist.tech)

Posted Date: 5/1/2025

Contact Information

Contact Human Resources
Cloudesign Technology

UID: 5141533463
