
Lead SIEM Analyst
Blue Yonder
full-time
Location Type: Office
Location: Hyderabad • India
About the role
- Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEM
- Lead onboarding of new log sources, including development of custom parsers, field normalization, and data validation
- Build, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CK
- Create and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirements
- Use CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysis
- Design and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformation
- Develop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflows
- Partner with SOC analysts, cloud teams, and platform owners to ensure high-quality, security-relevant telemetry
- Act as a technical escalation point for SIEM-related investigations and incident response
- Continuously improve detection fidelity, data quality, and SIEM performance
- Support audit and compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) through monitoring, reporting, and evidence generation
- Document SIEM architecture, data flows, detection logic, and operational runbooks
Requirements
- 5 - 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoring
- Strong hands-on experience with CrowdStrike NGSIEM is required
- Candidates without NGSIEM experience must demonstrate deep, hands-on SIEM engineering experience using Splunk in enterprise environments
- Proven experience developing custom parsers and onboarding diverse log sources
- Hands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languages
- Strong experience building detection rules, dashboards, and alerting for SOC operations
- Hands-on experience with Cribl for log routing, enrichment, and pipeline optimization
- Experience with automation and API-based integrations
- Solid understanding of security telemetry, log formats, and large-scale log ingestion architectures
- Ability to work effectively in a global, fast-paced environment
Benefits
- Health insurance
- 401(k) matching
- Paid time off
- Flexible work arrangements
- Professional development opportunities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
SIEM engineering, detection engineering, security monitoring, custom parsers, detection rules, CrowdStrike NGSIEM, CrowdStrike Query Language (CQL), log routing, automation, API-based integrations
Soft skills
leadership, collaboration, communication, problem-solving, adaptability
Certifications
PCI-DSS, ISO 27001, SOC 2