SIEM Lead Engineer – Splunk (Detection Engineering)
Antal International
About the role
Hiring: SIEM Lead Engineer (Splunk)
Experience: 5–8 Years
Location: Hyderabad (WFO)
We’re looking for a hands-on SIEM Lead Engineer with strong Splunk expertise to drive detection engineering and improve SOC effectiveness. If you enjoy building high-quality detections, reducing alert noise, and working closely with SOC teams, this role is for you.
What You’ll Do
• Design and build SIEM detections and alerts in Splunk
• Tune and optimize alerts to reduce false positives
• Own the complete alert lifecycle (build → test → tune → retire)
• Implement alert enrichment using IAM, CMDB, vulnerability & threat intel data
• Work on log onboarding, data normalization & CIM compliance
• Map detections to the MITRE ATT&CK framework
• Act as an L3 escalation point for complex issues
• Mentor junior engineers and support SOC teams
Must-Have Skills
• 5–8 years in SIEM / Security Engineering
• Strong hands-on experience in Splunk (Enterprise / ES)
• Expertise in SPL (Search Processing Language)
• Experience in alert creation, tuning & detection engineering
• Good understanding of security logs (endpoint, network, cloud, IAM)
• Experience with MITRE ATT&CK & SOC workflows
• Experience integrating SIEM with IAM, CMDB, vulnerability & threat intel tools
Good to Have
• Experience in Healthcare / BFSI environments
• Exposure to SOAR tools
• Python / PowerShell scripting
• Splunk or security certifications
If you’re passionate about designing and implementing robust SIEM and EDR frameworks, we’d love to connect!
DM me or share your profile at aishwarya.saravanan@antal.com