Opening with EY_SIEM

Join EY's Security Operations Center (SOC) team as a SIEM Engineer. This hybrid role, based in Bengaluru, Noida, or Pune, focuses on enhancing our security detection and response capabilities. You will be instrumental in developing and maintaining our SIEM platform, leveraging advanced analytics and automation.

Responsibilities:

• Lead SIEM engineering efforts or contribute to SOC detection.
• Develop and manage correlation rules and analytics within SIEM platforms like CrowdStrike Falcon Fusion, Azure Sentinel, or Splunk Enterprise Security.
• Create and maintain Security Orchestration, Automation, and Response (SOAR) playbooks, including Fusion workflows, Azure Logic Apps, or Splunk SOAR.
• Deeply understand and implement case management workflows and alert lifecycle governance.
• Engineer data ingestion pipelines using tools such as Cribl Stream and Cribl Lake.
• Utilize and optimize query languages including SPL, KQL, and CQL.
• Apply knowledge of data models, schemas, and threat modeling to enhance security posture.

Skills & Experience:

• 2-7 years of experience in SIEM engineering or SOC detection.
• Strong hands-on experience with CrowdStrike Falcon Fusion, Azure Sentinel Analytics, or Splunk ES Correlation Searches.
• Proficiency in creating/maintaining SOAR playbooks (Fusion workflows, Sentinel Logic Apps, Splunk SOAR).
• Deep knowledge of case management workflows and alert lifecycle governance.
• Strong experience in ingestion engineering using Cribl Stream & Lake.
• Expertise in SPL, KQL, CQL query languages.
• Understanding of data models, schemas, and threat modeling.