SIEM SOAR Detection Engineer

Our client is a leading cybersecurity firm establishing a next-generation Security Operations Center (SOC) to deliver world-class monitoring, detection, and incident response capabilities. Built on advanced analytics, automation, and threat intelligence, this SOC is designed to serve as a central pillar of enterprise defense across diverse digital environments. The company is seeking exceptional security professionals to shape, lead, and evolve this capability into a benchmark for operational excellence and resilience.

We are seeking an experienced SOC Automation & Detection Engineer to support the development and enhancement of the SOC’s detection and automation capabilities. This role combines detection engineering, SIEM content development, and SOAR workflow automation, enabling consistent and scalable security operations.

The engineer will build and tune analytic rules, optimise SIEM ingestion pipelines, and design automation workflows that streamline triage, enrichment, and response actions. While strong experience with Microsoft Sentinel is required, experience with additional SIEM platforms such as Splunk, QRadar, Elastic, or LogRhythm is highly valued. The engineer will collaborate closely with Senior Engineers, SOC Analysts, Threat Hunters, and DFIR teams to improve both detection fidelity and operational efficiency.

Requirements

• Develop and maintain SIEM detection content, alerts, and analytic rules across platforms.
• Build KQL queries to support alerting, enrichment, investigations, and automated responses.
• Design, develop, and maintain SOAR automation workflows, including enrichment playbooks and triage automations.
• Collaborate with the Senior SOC Automation & Detection Engineer to align detection triggers with SOAR workflows.
• Assist with the onboarding, validation, and optimisation of log sources to support detections and automation.
• Conduct tuning cycles to reduce false positives and improve detection accuracy.
• Provide query and analytic support to SOC Analysts during investigations.
• Document detection logic, automation workflows, lifecycle updates, and engineering procedures.
• Identify telemetry gaps and propose ingestion and schema improvements.
• Assist in converting threat intelligence insights and threat hunting findings into detections and playbooks. Role Requirements

• 2–4 years of experience in SIEM engineering, detection development, or security automation.
• Strong hands-on experience with Microsoft Sentinel, especially KQL and analytic rule creation.
• Practical experience building or maintaining SOAR playbooks (Logic Apps preferred).
• Familiarity with at least one additional SIEM platform (Splunk, QRadar, Elastic, LogRhythm).
• Understanding of detection lifecycle management, tuning, and correlation fundamentals.
• Basic scripting capability (PowerShell or Python).
• Strong understanding of MITRE ATT&CK and attacker techniques.
• Certifications such as SC-200, AZ-500 or similar are beneficial. Technical Skills

• Platforms: Microsoft Sentinel, Splunk, QRadar, Elastic
• Automation: Azure Logic Apps, SOAR workflows, enrichment logic
• Analytics: KQL, SIEM rules, correlation logic
• Telemetry: Identity, endpoint, cloud, network logs
• Scripting: PowerShell or Python
• Frameworks: MITRE ATT&CK Benefits

• Build and refine the automation and detection backbone of a modern SOC.
• Directly influence the efficiency, scalability, and maturity of SOC operations.
• Work with advanced cloud-native technologies in a collaborative engineering environment.
• Clear pathway to senior engineering, threat hunting, or DFIR growth.