Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

Add office photos

Employer? Claim Account for FREE

Security and Intelligence Services (India)

Compare

4.2

based on 1.3k Reviews

293 Security and Intelligence Services (India) Jobs

SIEM Developer, Information Security

S&P Global Inc.

4.2

based on 1.3k Reviews

3-7 years

Noida, Hyderabad / Secunderabad

1 vacancy

SIEM Developer, Information Security

Security and Intelligence Services (India)

posted 56min ago

Job Role Insights

Flexible timing

Key skills for the job

Data Analytics Python Computer Networking Microsoft Power BI Information Security Network Security

+ 3 more

Job Description

The Team : You will be part of SIEM Engineering, responsible for developing detection code in SIEMs. You will be responsible for performing activities within the content life cycle, including creating new parsers/connectors and use cases, testing content; tuning, and removing content, and maintaining associated documentation. Expert-level knowledge of SPL, KQL, and AQL is a must.

Responsibilities:

Develop custom security content within the SIEM security tools to detect threats and attacks against the department.

Participate Lead briefings to provide expert guidance on new threats and will act as an escalation point for SecOps on Detection techniques.

Develop advanced alerting capabilities based on threat intelligence, post-incident findings, new threats, and vulnerabilities.

Experience with creating and implementing content in EDR, SIEM, and SOAR

Stay informed on modern attack techniques and MITRE TTP s to integrate knowledge into new detections.

Develop policies, standards and guidelines for threat detection and hunting.

Measure and track metrics for the detection engineering process to show progress towards goals and track gaps in detection coverage.

Enable compliance in teams and help them achieve some of the industry s best practices (e.g. NIST, ISO 27001)

Participate in Purple Team Exercises focusing on discovering improvement opportunities.

Analyse network traffic using enterprise tools (e.g. Full PCAP, Firewall, Proxy logs, IDS logs, etc)

Stay up to date with latest threats and familiar with APT and common TTPs.

Utilize the Cyber Kill Chain and synthesize the entire attack life cycle.

Contribute to SOP development and updating.

What we are looking for:
Basic Qualifications:

Candidates shall have a minimum of five (5) years of professional experience in security, information risk management, or information systems risk assessment, and must be knowledgeable in many areas such as Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web-filtering, and Advanced Threat Protection.
Proficiency in scripting language (Python, Bash, Powershell) Git.

Strong background in application and API architecture and development CICD (Jenkins, Docker, etc ) DevSecOps

Understanding of MITRE ATTCK, Cyber Kill Chain, NIST

Expert Knowledge in operating centralized log analysis tools - Splunk, EDR Platforms etc

Experience with deploying custom-built and scalable security solutions enterprise or open-source security tools - SIEM, IDS/IPS, EDR, FIM, PAM

Broad knowledge of Active Directory, Microsoft Security products, Identity Management, network security, endpoint security, cloud security, vulnerability management, security incident response and malware.

Understanding of cyber security and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and security incident response.

Strong written and oral communication skills including the ability to communicate and interact effectively with users that do not have a security background and be a security spokesperson throughout the organization.

Basic Qualifications: (define basic qualifications)

Bachelors or master s in computers, IT or equivalent experience.

5 years+ experience in threat detection building detection logic utilizing security logs to detect malicious activity with high fidelity across a broad set of detection use cases

Proven experience in developing Security used case using SPL KQL.

Preferred Qualifications:

Atleast one of the Certifications such as CEH, CySA+, CISSP.
Splunk Advanced Certifications.
Expert Knowledge of Logging infrastructure and tools like Cribl, Athena, Log Analytics, etc.