Siemens Digital Industries Software
Siemens, a leading software organization, is seeking a highly skilled and motivated Cloud Security (Detection) Engineer to join our dynamic and innovative team. As a company committed to harnessing the power of cloud technologies on our SaaS journey, we are looking for an experienced professional to enhance our threat detection engineering capabilities to ensure the security and integrity of our cloud-based workloads.
Role Overview
As a Cloud Security (Detection) Engineer, you will be responsible for designing, developing, tuning, and maintaining high‑fidelity detection logic and alerting within our SIEM platform. You will implement the necessary logic to identify malicious activity and reduce the alerting fatigue of our Security Operations Center (SOC) analysts.
Responsibilities
Design and implement SIEM detection rules, correlation logic, and analytics to identify adversary activity across logs, network telemetry, endpoint data, cloud services, and identity systems.
Translate threat intelligence and SOC feedback into prioritized detections and use cases.
Author and maintain parsers, normalization, and enrichment pipelines to ensure consistent data collection that maps to specific standards (OCSF, CIM, etc.).
Tune alerts to reduce false positives and improve signal‑to‑noise; define and measure alert health metrics such as MTTA and MTTR.
Create and maintain detection testing artifacts (unit tests, synthetic data, and playbooks) to validate detection coverage and efficacy.
Partner with SOC analysts and incident responders to refine detections and implement playbooks for triage and escalation.
Optimize the performance of detection queries and correlation rules so they scale with increases in data ingestion volumes.
Maintain documentation: use cases, runbooks, and detection logic.
Conduct periodic reviews of detection coverage against known threats and perform gap analyses.
Participate in threat‑hunting exercises and “Purple Team” engagements to discover new detection opportunities.
Collaborate with the SIEM and security engineering teams on data collection, logging standards, and instrumentation to ensure required telemetry is available.
Monitor and respond to detection regressions after SIEM upgrades or major changes to data sources.
Participate in incident response efforts, coordinating with internal teams and cloud providers to contain and remediate security breaches.
Stay up-to-date with the latest security threats, vulnerabilities, and best practices as they relate to detection engineering and cloud security as a whole.
Provide guidance and training to other team members to enhance overall detection engineering and threat hunting knowledge within the organization.
Requirements
Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
Extensive experience working with SIEM platforms, with a strong focus on detection engineering and threat hunting.
Strong understanding of cloud security principles, architecture, and best practices.
Experience with cloud‑native security tools and services.
Relevant industry certifications (e.g., Splunk Architect, CISSP, etc.) are a plus.
Solid scripting and automation skills (Python, Bash, PowerShell, etc.).
Excellent problem‑solving and communication skills with the ability to work collaboratively in a team‑oriented environment.
Experience with Infrastructure as Code technologies like CloudFormation and Terraform to deploy infrastructure programmatically.
Proficiency with CI/CD tooling and processes to deploy threat detection rules and automation using pipelines.
Strong query language skills (SPL, KQL, etc.) and experience optimizing queries for performance and accuracy.
This position will be subject to U.S. export control requirements under the International Traffic in Arms Regulations (ITAR) and/or Export Administration Regulations (EAR). Employment is contingent on either verifying the U.S. Person status or obtaining any necessary export license.
Why us?
Working at Siemens Software means flexibility – choosing between working at home and the office is the norm. We offer great benefits and rewards, as you'd expect from a world leader in industrial software. We are dedicated to equality and welcome applications that reflect the diversity of the communities we work in. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and creativity and help us shape tomorrow!
Join our team to help shape and secure the future of our cloud‑based systems while contributing to the success of our organization as a whole. If you are a proactive, adaptable, and detail‑oriented professional with a passion for cloud security, we encourage you to apply and be part of our exciting journey.