Primary Objective
Own the detection engineering function for the SOC, ensuring comprehensive, tuned and effective detection content across SIEM, XDR and related platforms.
Key Responsibilities
- Maintain a structured detection/use-case catalogue mapped to MITRE ATT&CK, cyber kill chain and relevant regulatory controls.
- Design, implement and tune SIEM correlation rules, XDR analytics, UEBA models and other detection logic.
- Prioritize new detections based on threat intelligence, incident learnings and vulnerability information.
- Coordinate with Threat Management, IR and Tier-2 analysts to validate and refine detection rules.
- Monitor alert volumes, false-positive rates and coverage gaps; implement improvements to reduce noise and increase visibility.
- Ensure consistent naming conventions, tagging and documentation for all detections to support reporting and audits.
- Drive integration of detection content with SOAR playbooks to enable semi- or fully automated response where appropriate.
- Provide technical guidance and mentoring to Detection Analyst(s) and Tier-2 analysts on query languages and rule design.
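As an added illustration of what the catalogue, naming, tuning and coverage work above looks like when detections are managed as code (example code written for this page, not part of the job description or of any employer's tooling): each detection carries its MITRE ATT&CK techniques and kill chain phase, IDs are checked against an assumed DET-<PLATFORM>-<NNN> convention, the rules are run over constructed process telemetry to count true and false positives before and after a tuning allowlist, and the catalogue is compared against a required technique list to surface gaps. The field names, allowlists, sample events and base64 payloads are all constructed for the example.

```python
"""Detection-as-code sketch: a catalogue of detections mapped to MITRE ATT&CK, naming
checks and false-positive measurement over labelled events. Hypothetical example: the
ID convention, field names and all sample events are constructed."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Event = Dict[str, str]

@dataclass(frozen=True)
class Detection:
    id: str                             # assumed convention: DET-<PLATFORM>-<NNN>
    name: str
    attack_techniques: Tuple[str, ...]  # MITRE ATT&CK technique IDs, e.g. T1059.001
    kill_chain_phase: str               # cyber kill chain phase the detection covers
    logic: Callable[[Event], bool]      # the rule itself: a predicate over one event

ID_RE = re.compile(r"^DET-(SIEM|XDR|UEBA)-\d{3}$")
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")
PS_IMAGE = r"c:\windows\system32\windowspowershell\v1.0\powershell.exe"
# Spellings powershell.exe accepts for -EncodedCommand by prefix matching (simplified).
ENC_RE = re.compile(r"\s-(e|ec|en|enc|encoded|encodedcommand)\s", re.IGNORECASE)
# Tuning: parents that legitimately launch encoded commands in this (assumed) estate.
ENC_PARENT_ALLOWLIST = frozenset({r"c:\windows\ccm\ccmexec.exe"})
LSASS_SOURCE_ALLOWLIST = frozenset({r"c:\windows\system32\csrss.exe"})

def encoded_powershell(ev: Event, parent_allowlist: FrozenSet[str] = ENC_PARENT_ALLOWLIST) -> bool:
    """T1059.001/T1027: powershell.exe given an encoded command by a non-allowlisted parent."""
    if ev.get("event_type") != "process_create" or ev["image"].lower() != PS_IMAGE:
        return False
    if not ENC_RE.search(" " + ev["command_line"] + " "):
        return False
    return ev["parent_image"].lower() not in parent_allowlist

def lsass_access(ev: Event) -> bool:
    """T1003.001: a process outside the allowlist opens a handle to lsass.exe."""
    return (ev.get("event_type") == "process_access"
            and ev.get("target_image", "").lower().endswith("\\lsass.exe")
            and ev["image"].lower() not in LSASS_SOURCE_ALLOWLIST)

CATALOGUE = [
    Detection("DET-SIEM-001", "PowerShell encoded command from unexpected parent",
              ("T1059.001", "T1027"), "Exploitation", encoded_powershell),
    Detection("DET-XDR-002", "LSASS process access from non-allowlisted image",
              ("T1003.001",), "Actions on Objectives", lsass_access),
]
# Earlier revision of DET-SIEM-001, before the parent allowlist: kept to measure the tuning.
UNTUNED_ENCODED_PS = Detection("DET-SIEM-001", "PowerShell encoded command (untuned)",
                               ("T1059.001", "T1027"), "Exploitation",
                               lambda ev: encoded_powershell(ev, frozenset()))

# Constructed telemetry, each event paired with the detection IDs that should fire on it.
SAMPLE_EVENTS: List[Tuple[Event, Set[str]]] = [
    ({"event_type": "process_create", "image": PS_IMAGE, "parent_image": r"c:\windows\explorer.exe",
      "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"}, set()),
    ({"event_type": "process_create", "image": PS_IMAGE, "parent_image": r"c:\users\alice\appdata\local\temp\invoice.exe",
      "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}, {"DET-SIEM-001"}),
    ({"event_type": "process_create", "image": PS_IMAGE, "parent_image": r"C:\Windows\CCM\CcmExec.exe",
      "command_line": "powershell.exe -NonInteractive -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAA="}, set()),
    ({"event_type": "process_access", "image": r"c:\users\alice\appdata\local\temp\procdump64.exe",
      "parent_image": r"c:\windows\system32\cmd.exe", "target_image": r"C:\Windows\System32\lsass.exe",
      "command_line": "procdump64.exe -ma lsass.exe out.dmp"}, {"DET-XDR-002"}),
    ({"event_type": "process_access", "image": r"C:\Windows\System32\csrss.exe", "parent_image": r"c:\windows\system32\smss.exe",
      "target_image": r"C:\Windows\System32\lsass.exe", "command_line": "csrss.exe"}, set()),
]

def validate(det: Detection) -> List[str]:
    """Catalogue hygiene: naming convention plus a well-formed ATT&CK mapping."""
    problems = []
    if not ID_RE.match(det.id):
        problems.append(f"{det.id}: id violates DET-<PLATFORM>-<NNN> convention")
    if not det.attack_techniques:
        problems.append(f"{det.id}: no ATT&CK technique mapped")
    problems += [f"{det.id}: malformed technique id {t}"
                 for t in det.attack_techniques if not TECHNIQUE_RE.match(t)]
    return problems

def evaluate(catalogue: List[Detection], labelled: List[Tuple[Event, Set[str]]]) -> Dict[str, dict]:
    """Per-detection TP/FP/FN and precision; the FP count is what tuning must drive down."""
    stats = {d.id: {"tp": 0, "fp": 0, "fn": 0} for d in catalogue}
    for ev, expected in labelled:
        for d in catalogue:
            fired = d.logic(ev)
            if fired and d.id in expected:
                stats[d.id]["tp"] += 1
            elif fired:
                stats[d.id]["fp"] += 1
            elif d.id in expected:
                stats[d.id]["fn"] += 1
    for s in stats.values():
        alerts = s["tp"] + s["fp"]
        s["precision"] = s["tp"] / alerts if alerts else 0.0
    return stats

def coverage_gaps(catalogue: List[Detection], required: List[str]) -> List[str]:
    """Required ATT&CK techniques with no detection in the catalogue."""
    covered = {t for d in catalogue for t in d.attack_techniques}
    return sorted(set(required) - covered)

if __name__ == "__main__":
    print(evaluate(CATALOGUE, SAMPLE_EVENTS), evaluate([UNTUNED_ENCODED_PS], SAMPLE_EVENTS))
```

Running `evaluate` against the same labelled sample set for the untuned and tuned revisions of DET-SIEM-001 shows the management agent's legitimate encoded command counted as a false positive only before the parent allowlist was added; in a real programme the labelled set would be the incident and false-positive history the list above refers to, and `coverage_gaps` would be fed the techniques prioritised from threat intelligence.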