Experience: 4-8 Years
Location: Hyderabad, India (On-site)
Job Summary:
We are seeking a SOC professional focused on building, tuning, and operating detection
and alerting capabilities across cloud, identity, endpoint, and network environments. This
role is responsible for converting telemetry into actionable alerts, reducing false positives,
and ensuring high-fidelity detections aligned with real-world threats.
Key Responsibilities:
● Design, build, and maintain detection rules across SIEM, EDR, cloud-native, and identity platforms
● Develop use-case–driven alerts mapped to the MITRE ATT&CK framework
● Tune alerts to reduce false positives while maintaining detection coverage
● Create correlation rules across Identity (EIAM/CIAM), Cloud, Network, and Endpoint logs
● Validate detections using attack simulations, threat intelligence, and red/purple team inputs
SOC Operations Support
● Monitor and triage security alerts with emphasis on signal quality
● Perform alert investigations and determine escalation paths
● Improve detection logic based on incident learnings
● Maintain alert documentation, severity models, and response playbooks
Threat & Log Intelligence
● Integrate threat intelligence feeds into detection logic
● Identify logging gaps and onboard missing telemetry
● Analyze attacker TTPs and convert them into proactive detections
Automation & Optimization
● Automate alert enrichment and triage using SOAR or scripting
● Build dashboards and KPIs for detection coverage and SOC effectiveness
● Measure detection performance (MTTD, false-positive rate, alert fidelity)
Required Skills & Experience
● Hands-on experience with SIEM platforms (Elastic, Splunk, Sentinel, QRadar)
● Strong understanding of detection rule creation and tuning
● Solid knowledge of MITRE ATT&CK
● Experience analyzing identity, cloud, endpoint, network, and application logs
● Scripting knowledge (Python, KQL, SPL, Lucene, SQL-like languages)
Nice to Have
● Detection engineering or threat hunting background
● Experience with red team or purple team exercises
● Knowledge of Zero Trust and identity-first security models
● Experience reducing SOC alert fatigue at scale
What Success Looks Like
● High-confidence alerts with minimal noise
● Clear visibility into attacker behavior across identity, cloud, and endpoints
● Faster detection and response times
● Alerts that are actionable, explainable, and risk-aligned
To apply for this job please visit forms.gle.
