Job Title: Senior Cyber Security Engineer
Shift Timing- Rotational
Work mode- Remote, India
Role Overview:
We are looking for a highly technical Senior SIEM Engineer of experience of 10+ years with deep expertise in enterprise-scale SIEM architecture, data ingestion engineering, detection design, and platform maintenance. The ideal candidate will have strong hands-on experience in building SIEM solutions from the ground up, optimizing ingestion pipelines, designing advanced correlation logic, and ensuring the SIEM platform remains stable, scalable, and high performing.
Core Responsibilities:
1. SIEM Architecture & Design
· Architect and design scalable SIEM environments (clustered deployments, distributed search heads, indexers, data nodes, collectors, agents, pipelines).
· Define ingestion architecture including syslog tiers, forwarders, collectors, connectors, event hubs, and cloud-native logging services.
· Design data schemas, field mapping, normalization, and taxonomy aligned to MITRE, ECS, CIM, or custom models.
· Develop onboarding standards, ingestion frameworks, and parsing templates for structured and unstructured logs.
· Define retention strategies, storage planning, index design, tiered storage, and hot/warm/cold architecture.
2. SIEM Implementation & Integration
· Build and deploy SIEM components: forwarders, connectors, heavy forwarders, Logstash/filter nodes, agents, custom ingestion scripts.
· Configure ingestion for Windows, Linux, firewalls, endpoints, cloud workloads, applications, containers, and APIs.
· Create and maintain parsing rules (regex, KQL parsers, field extraction, custom source types).
· Implement identity, network, cloud, and application log sources with full end-to-end validation.
· Integrate threat intelligence feeds, enrichments, lookup tables, and contextual metadata.
3. SIEM Detection Engineering
· Develop advanced correlation rules and use cases (statistical, behavioural, sequence-based, threshold-based, machine-learning-driven).
· Map detections to MITRE ATT&CK and create automated enrichment workflows.
· Conduct rule tuning, false-positive reduction, threshold optimization, and noise suppression.
· Build dashboards, reports, alerting frameworks, and threat models customized for the environment.
4. SIEM Operations & Maintenance
· Maintain SIEM platform health through upgrades, patching, load balancing, and cluster management.
· Perform ingestion troubleshooting, parsing fixes, queue-depth monitoring, and pipeline optimization.
· Conduct capacity planning, storage forecasting, index optimization, and performance tuning.
· Implement RBAC, multi-tenant configurations, ingestion quotas, and compliance-driven logging controls.
· Build automation for maintenance tasks using Python, PowerShell, Bash, or APIs.
Requirements
· 10 + years of experience in cybersecurity with at least 7+ years hands-on SIEM engineering.
· Expert-level proficiency in one or more SIEM platforms: (Elastic SIEM, Splunk,IBM QRadar, Exabeam, Securonix, or similar)
· Strong experience with:
o Log collectors (Syslog-NG, Rsyslog, Beats, Logstash, FluentD)
o Custom parsers, field extractions, and data normalization
o SIEM data models and schema design
o Designing and deploying ingestion from multi-cloud environments
· Strong scripting skills: Python, PowerShell, Bash
· Deep knowledge of network protocols (TCP/UDP, TLS, DNS, HTTP, VPN, proxies).
· Solid understanding of Windows/Linux internals, AD, IAM, firewalls, EDR, and cloud telemetry.
Nice-to-Have Skills
· Experience managing or integrating:
o WAF platforms (F5, Imperva, Cloudflare, Akamai)
o NDR platforms (Vectra, Corelight, Darktrace, ExtraHop)
· Exposure to EDR (CS, Defender), AV (Symantec), SOAR for workflow automation.
· Certifications: GCIA, GCDA, GCIH, Splunk Architect, Azure Security, CISSP, or equivalent.
Soft Skills
· Strong problem-solving mindset with the ability to troubleshoot complex ingestion and platform issues.
· Excellent documentation habits (architecture diagrams, onboarding guides, runbooks).
· Ability to collaborate with infrastructure, DevOps, cloud, and SOC teams.
· Strong leadership capability to mentor junior engineers.
Protera Technologies (www.protera.com) is an SAP Certified, Global Total IT Outsourcing Provider for SAP-centric organizations founded in the mid-1990s. We have been the SAP-on-cloud pioneer since running the world’s first SAP production instance on a public cloud. Today, we manage thousands of SAP and related IT workloads on Microsoft Azure, Google Cloud, and Amazon Web Services (AWS).
Headquartered in Chicago, IL, with offices in Athens, Greece, and Mumbai, India, Protera delivers world-class cloud hosting, application management, and professional services focused on total customer satisfaction.
For more information, visit www.protera.com.
Benefits
https://www.linkedin.com/company/protera/jobs/Protera Technologies (www.protera.com) is an SAP Certified Global IT Services Provider for SAP-centric organizations. Protera was founded in 1998 and is the SAP-on-the-cloud pioneer. Today, we run thousands of instances of SAP and related IT applications on the Microsoft Azure and Amazon Web Services clouds. Protera is headquartered in Chicago, IL and has shared services offices in Athens, Greece and Mumbai, India.
Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!
Be the first to apply. Receive an email whenever similar jobs are posted.
Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.
Security Engineer Q&A's