Job Description

  • Exp: 3+ years
  • Location: Bangalore
  • send resumes to:


Job description:


SOC Detection and Automation engineer

We are seeking a highly skilled and motivated SOC Engineer to join our security operations team. This critical role will be responsible for enhancing our security posture by developing, implementing, and maintaining detection content within the SIEM. A key focus of this position will be leveraging our SIEM's automation and AI capabilities to streamline Level 1 security incident triage and response, thereby increasing the efficiency and effectiveness of our Security Operations Center (SOC).

Responsibilities

Detection Engineering and Content Development

● Design, develop, test, and deploy high-fidelity detection rules, correlation logic, and behavioral models within the SIEM.
● Translate threat intelligence, known vulnerabilities, and observed attack techniques (e.g., MITRE ATT&CK framework) into actionable detection content.
● Continuously review and tune existing detection content to minimize false positives while maximizing coverage of emerging threats.
● Ensure all detection content is mapped to relevant security controls and incident response playbooks.

Automation and Efficiency

● Develop, implement, and maintain automation playbooks (using our SIEM's automation engine) to automate repetitive Level 1 incident triage tasks, data enrichment, and initial response actions.
● Integrate the SIEM with other security tools and enterprise platforms via APIs and connectors to facilitate seamless data flow and automated response.
● Explore and apply the SIEM's built-in AI/ML capabilities to improve alert prioritization, anomaly detection, and automated incident clustering.
● Document automation logic, workflows, and effectiveness metrics.

Platform Management and Optimization

● Act as a subject matter expert for the SIEM, including data ingestion, logging policies, and platform health.
● Collaborate with Security Architecture and IT teams to onboard new data sources into the SIEM, ensuring proper normalization and parsing for detection use cases.
● Monitor platform performance, troubleshoot content execution issues, and assist in maintaining the overall operational stability of the SIEM environment.


Collaboration and Improvement

● Work closely with SOC Analysts, Threat Hunters, and Incident Responders to understand their needs and develop content that directly supports their operations.
● Participate in post-incident review processes to identify detection and automation gaps and drive improvements.
● Stay current with the latest cybersecurity trends, attack vectors, and SIEM features and updates.

Qualifications

Required Skills and Experience

● 3+ years of experience in Security Operations, Threat Hunting, or Detection Engineering.
● Demonstrable expertise in designing and implementing detection content using a SIEM/SOAR platform (strong preference for Palo Alto Networks XSIAM/Cortex XSOAR experience).
● Deep understanding of the cyber kill chain and MITRE ATT&CK framework.
● Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data manipulation.
● Strong knowledge of security logging formats, network protocols, operating systems (Windows, Linux), and cloud environments.
● Experience with API integrations and developing automation playbooks (SOAR).
● Excellent analytical, problem-solving, and communication skills.

Preferred Qualifications

● Hands-on experience with Palo Alto Networks XSIAM, including content creation and automation development.
● Relevant industry certifications (e.g., PCNSE, PCSAE, GCIH, GCFA, CISSP).
● Experience with cloud security monitoring (AWS, Azure, GCP).
● Familiarity with threat intelligence platforms and integrating intelligence feeds into detection logic.
