Senior Software Engineer
Engineering
3-5 years
Poland - Krakow
Anomaly Detection, SIEM (Security Information and Event Management)
On-site
We are looking for a Detection Specialist to join our MSS team to support a new upcoming client with Google Security Operations SIEM (training will be provided). As a Detection Specialist, you will be instrumental in safeguarding the client’s IT infrastructure and in optimizing and maintaining threat detection mechanisms within the Google SecOps SIEM platform. This role focuses on proactive threat hunting and real-time security detection to ensure timely identification and mitigation of cyber threats by our global Security Operations Center (SOC).
Additionally, you will work closely with SOAR Engineers, SOC Analysts, Solutions Engineers, and clients to understand their requirements and ensure that security is aligned with industry standards.
· Diploma in Information Security, Cybersecurity, Computer Science, or a related field (or equivalent experience).
· 3+ years of experience in information security, with at least 1 year of hands-on experience using Splunk, Sentinel, and/or Google SecOps SIEM platforms.
· Proven experience designing, developing, and implementing detection content within SIEM platforms (e.g., Google SecOps, Splunk, Microsoft Sentinel).
· Familiarity with cloud platforms and environments such as GCP, Azure, or AWS.
· Experience with cybersecurity frameworks (e.g., MITRE ATT&CK) and their application to detection development.
· Familiarity with network protocols, security tools, and cybersecurity concepts.
· Strong knowledge of creating Splunk, Sentinel, and/or Google SecOps dashboards, reports, and correlation rules.
· Proficiency with SPL, KQL, and/or YARA-L languages for data analysis and queries.
· Experience with scripting (e.g., Python, PowerShell) for automation.
· Familiarity with other security tools and platforms, such as firewalls, IDS/IPS, and endpoint protection.
· Relevant certifications like Splunk Core Certified User, Splunk Certified Power User, CompTIA Security+, GCP, Azure, AWS, or equivalent.
· Design and implement detection rules, reports, and dashboards within Google SecOps.
· Validate and continuously test detection logic accuracy through simulations and real-world scenarios. Ensure detection mechanisms evolve in response to new threats, vulnerabilities, and organizational risk profiles.
· Analyze log data for suspicious patterns, potential risks, or indicators of compromise (IoCs), developing detection signatures accordingly.
· Configure and fine-tune SIEM filters, correlation rules, and alert thresholds to enhance detection efficacy and reduce false positives.
· Perform regular detection health checks, ensuring platform reliability, scalability, and high performance. Regularly evaluate and tune detection rules based on feedback and performance metrics, enhancing detection accuracy and efficiency.
· Incorporate external threat intelligence feeds, including IoCs and TTPs, to enhance detection capabilities and proactively address emerging threats.
· Stay informed of evolving threat landscapes and adapt detection strategies based on current threat intelligence insights.
· Identify opportunities to leverage SIEM automation features, such as data enrichment, to enhance incident response times and minimize manual effort.
· Generate regular, actionable reports on detection system performance, alert trends, and detection rule effectiveness for stakeholders and cybersecurity leadership.
· Maintain up-to-date documentation of detection rules, operational procedures, configurations, and best practices within the SOC repository.
· Actively partner with SOC Analysts to reduce alert noise, refine detection accuracy, and align alerts with organizational risk priorities.
· Support cross-functional teams in documenting incidents from detection to resolution, including conducting detailed root cause analyses to identify potential gaps in the threat detection strategy.
· Provide technical guidance and support during investigations and escalation processes.
· Conduct hypothesis-driven threat hunts in coordination with SOC analysts to identify sophisticated threats and attack techniques not initially detected by automated systems.
· Provide continuous feedback to refine detection capabilities based on threat hunting outcomes.
· Ensure accurate documentation of technical operations, rule deployments, system updates, and tuning adjustments to support auditability and compliance requirements.
#LI-OT1 #LI-Remote
Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders.
Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.
Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.
Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!
High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.
GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.