Siemens Mobility
Company Overview:
Siemens, a leading software organization, is seeking a highly skilled and motivated Cloud Security (Detection) Engineer to join our dynamic and innovative team. As a company committed to harnessing the power of cloud technologies on our SaaS journey, we are seeking an experienced professional to enhance our threat detection engineering capabilities to ensure the security and integrity of our cloud-based workloads.
Role Overview:
As a Cloud Security (Detection) Engineer, you will be responsible for designing, developing, tuning, and maintaining high‑fidelity detection logic and alerting within our SIEM platform. A successful candidate in this role will implement the necessary logic to identify malicious activity and reduce the alerting fatigue of our Security Operations Center (SOC) analysts.
Responsibilities:
Design and implement SIEM detection rules, correlation logic, and analytics to identify adversary activity across logs, network telemetry, endpoint data, cloud services, and identity systems.
Translate threat intelligence and SOC feedback into prioritized detections and use cases.
Author and maintain parsers, normalization, and enrichment pipelines to ensure consistent data collection which maps to specific standards (OCSF, CIM, etc.).
Tune alerts to reduce false positives and improve signal‑to‑noise; define and measure alert health metrics such as MTTA and MTTR.
Create and maintain detection testing artifacts (unit tests, synthetic data, and playbooks) to validate detection coverage and their efficacy.
Partner with SOC analysts and incident responders to refine detections and implement playbooks for triage and escalation.
Perform performance optimization on detection queries and correlation rules to scale with increases in data ingestion volumes.
Maintain documentation: use cases, runbooks, and detection logic to name a few.
Conduct periodic reviews of detection coverage against known threats and perform gap analyses.
Participate in threat‑hunting exercises and "Purple Team" engagements to discover new detection opportunities.
Collaborate with the SIEM and security engineering teams on data collection, logging standards, and instrumentation to ensure required telemetry is available.
Monitor and respond to detection regressions after SIEM upgrades or major changes to data sources.
Participate in incident response efforts, coordinating with internal teams and cloud providers to contain and remediate security breaches.
Stay up-to-date with the latest security threats, vulnerabilities, and best practices as they relate to detection engineering and cloud security as a whole.
Provide guidance and training to other team members to enhance overall detection engineering and threat hunting knowledge within the organization.
Requirements:
Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
Extensive experience working with SIEM platforms, with a strong focus on detection engineering and threat hunting.
Strong understanding of cloud security principles, architecture, and best practices.
Experience with cloud‑native security tools and services.
Relevant industry certifications (e.g., Splunk Architect, CISSP, etc.) are a plus.
Solid scripting and automation skills (Python, Bash, PowerShell, etc.).
Excellent problem‑solving and communication skills with the ability to work collaboratively in a team‑oriented environment.
Experience with Infrastructure as Code technologies like CloudFormation and Terraform to deploy infrastructure programmatically.
Proficient using CI/CD tooling and processes to deploy threat detection rules and automation using pipelines.
Strong query language skills (SPL, KQL, etc.) and experience optimizing queries for performance and accuracy.
Join our team to help shape and secure the future of our cloud‑based systems while contributing to the success of our organization as a whole. If you are a proactive, adaptable, and detail‑oriented professional with a passion for cloud security, we encourage you to apply and be part of our exciting journey.
This position will be subject to U.S. export control requirements under the International Traffic in Arms Regulations (ITAR) and/or Export Administration Regulations (EAR). Employment is contingent on either verifying the U.S. Person status or obtaining any necessary export license.
All qualified applicants will receive consideration for employment. Siemens is committed to creating a diverse environment and is proud to be an equal‑opportunity employer. Upon request, Siemens Canada will provide reasonable accommodation for disabilities to support participation of candidates in all aspects of the recruitment process.
By submitting personal information to Siemens Canada Limited or its affiliates, service providers and agents, you consent to our collection, use and disclosure of such information for the purposes described in our Privacy Notice available at www.siemens.ca.
#J-18808-Ljbffr
Siemens, a leading software organization, is seeking a highly skilled and motivated Cloud Security (Detection) Engineer to join our dynamic and innovative team. As a company committed to harnessing the power of cloud technologies on our SaaS journey, we are seeking an experienced professional to enhance our threat detection engineering capabilities to ensure the security and integrity of our cloud-based workloads.
Role Overview:
As a Cloud Security (Detection) Engineer, you will be responsible for designing, developing, tuning, and maintaining high‑fidelity detection logic and alerting within our SIEM platform. A successful candidate in this role will implement the necessary logic to identify malicious activity and reduce the alerting fatigue of our Security Operations Center (SOC) analysts.
Responsibilities:
Design and implement SIEM detection rules, correlation logic, and analytics to identify adversary activity across logs, network telemetry, endpoint data, cloud services, and identity systems.
Translate threat intelligence and SOC feedback into prioritized detections and use cases.
Author and maintain parsers, normalization, and enrichment pipelines to ensure consistent data collection which maps to specific standards (OCSF, CIM, etc.).
Tune alerts to reduce false positives and improve signal‑to‑noise; define and measure alert health metrics such as MTTA and MTTR.
Create and maintain detection testing artifacts (unit tests, synthetic data, and playbooks) to validate detection coverage and their efficacy.
Partner with SOC analysts and incident responders to refine detections and implement playbooks for triage and escalation.
Perform performance optimization on detection queries and correlation rules to scale with increases in data ingestion volumes.
Maintain documentation: use cases, runbooks, and detection logic to name a few.
Conduct periodic reviews of detection coverage against known threats and perform gap analyses.
Participate in threat‑hunting exercises and "Purple Team" engagements to discover new detection opportunities.
Collaborate with the SIEM and security engineering teams on data collection, logging standards, and instrumentation to ensure required telemetry is available.
Monitor and respond to detection regressions after SIEM upgrades or major changes to data sources.
Participate in incident response efforts, coordinating with internal teams and cloud providers to contain and remediate security breaches.
Stay up-to-date with the latest security threats, vulnerabilities, and best practices as they relate to detection engineering and cloud security as a whole.
Provide guidance and training to other team members to enhance overall detection engineering and threat hunting knowledge within the organization.
Requirements:
Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
Extensive experience working with SIEM platforms, with a strong focus on detection engineering and threat hunting.
Strong understanding of cloud security principles, architecture, and best practices.
Experience with cloud‑native security tools and services.
Relevant industry certifications (e.g., Splunk Architect, CISSP, etc.) are a plus.
Solid scripting and automation skills (Python, Bash, PowerShell, etc.).
Excellent problem‑solving and communication skills with the ability to work collaboratively in a team‑oriented environment.
Experience with Infrastructure as Code technologies like CloudFormation and Terraform to deploy infrastructure programmatically.
Proficient using CI/CD tooling and processes to deploy threat detection rules and automation using pipelines.
Strong query language skills (SPL, KQL, etc.) and experience optimizing queries for performance and accuracy.
Join our team to help shape and secure the future of our cloud‑based systems while contributing to the success of our organization as a whole. If you are a proactive, adaptable, and detail‑oriented professional with a passion for cloud security, we encourage you to apply and be part of our exciting journey.
This position will be subject to U.S. export control requirements under the International Traffic in Arms Regulations (ITAR) and/or Export Administration Regulations (EAR). Employment is contingent on either verifying the U.S. Person status or obtaining any necessary export license.
All qualified applicants will receive consideration for employment. Siemens is committed to creating a diverse environment and is proud to be an equal‑opportunity employer. Upon request, Siemens Canada will provide reasonable accommodation for disabilities to support participation of candidates in all aspects of the recruitment process.
By submitting personal information to Siemens Canada Limited or its affiliates, service providers and agents, you consent to our collection, use and disclosure of such information for the purposes described in our Privacy Notice available at www.siemens.ca.
#J-18808-Ljbffr