Senior Cyber Security Engineer

Job Title: Senior Cyber Security Engineer

Shift Timing- Rotational

Work mode- Remote, India

Role Overview:

We are looking for a highly technical Senior SIEM Engineer of experience of 10+ years with deep expertise in enterprise-scale SIEM architecture, data ingestion engineering, detection design, and platform maintenance. The ideal candidate will have strong hands‑on experience in building SIEM solutions from the ground up, optimizing ingestion pipelines, designing advanced correlation logic, and ensuring the SIEM platform remains stable, scalable, and high performing.

Core Responsibilities:

1. SIEM Architecture & Design

• Architect and design scalable SIEM environments (clustered deployments, distributed search heads, indexers, data nodes, collectors, agents, pipelines).
• Define ingestion architecture including syslog tiers, forwarders, collectors, connectors, event hubs, and cloud‑native logging services.
• Design data schemas, field mapping, normalization, and taxonomy aligned to MITRE, ECS, CIM, or custom models.
• Develop onboarding standards, ingestion frameworks, and parsing templates for structured and unstructured logs.
• Define retention strategies, storage planning, index design, tiered storage, and hot/warm/cold architecture.

2. SIEM Implementation & Integration

• Build and deploy SIEM components: forwarders, connectors, heavy forwarders, Logstash/filter nodes, agents, custom ingestion scripts.
• Configure ingestion for Windows, Linux, firewalls, endpoints, cloud workloads, applications, containers, and APIs.
• Create and maintain parsing rules (regex, KQL parsers, field extraction, custom source types).
• Implement identity, network, cloud, and application log sources with full end‑to‑end validation.
• Integrate threat intelligence feeds, enrichments, lookup tables, and contextual metadata.

3. SIEM Detection Engineering

• Develop advanced correlation rules and use cases (statistical, behavioural, sequence‑based, threshold‑based, machine‑learning‑driven).
• Map detections to MITRE ATT&CK and create automated enrichment workflows.
• Conduct rule tuning, false‑positive reduction, threshold optimization, and noise suppression.
• Build dashboards, reports, alerting frameworks, and threat models customized for the environment.

4. SIEM Operations & Maintenance

• Maintain SIEM platform health through upgrades, patching, load balancing, and cluster management.
• Perform ingestion troubleshooting, parsing fixes, queue‑depth monitoring, and pipeline optimization.
• Conduct capacity planning, storage forecasting, index optimization, and performance tuning.
• Implement RBAC, multi‑tenant configurations, ingestion quotas, and compliance‑driven logging controls.
• Build automation for maintenance tasks using Python, PowerShell, Bash, or APIs.

10 + years of experience in cybersecurity with at least 7+ years hands‑on SIEM engineering.

Expert‑level proficiency in one or more SIEM platforms: (Elastic SIEM, Splunk, IBM QRadar, Exabeam, Securonix, or similar)

Strong experience with:

• Log collectors (Syslog‑NG, Rsyslog, Beats, Logstash, FluentD)
• Custom parsers, field extractions, and data normalization
• SIEM data models and schema design
• Designing and deploying ingestion from multi‑cloud environments

Strong scripting skills: Python, PowerShell, Bash

Deep knowledge of network protocols (TCP/UDP, TLS, DNS, VPN, proxies).

Solid understanding of Windows/Linux internals, AD, IAM, firewalls, EDR, and cloud telemetry.

Nice‑to‑Have Skills

Experience managing or integrating:

• WAF platforms (F5, Imperva, Cloudflare, Akamai)
• NDR platforms (Vectra, Corelight, Darktrace, ExtraHop)

Exposure to EDR (CS, Defender), AV (Symantec), SOAR for workflow automation.

Certifications: GCIA, GCDA, GCIH, Splunk Architect, Azure Security, CISSP, or equivalent.

Soft Skills

• Strong problem‑solving mindset with the ability to troubleshoot complex ingestion and platform issues.
• Excellent documentation habits (architecture diagrams, onboarding guides, runbooks).
• Ability to collaborate with infrastructure, DevOps, cloud, and SOC teams.
• Strong leadership capability to mentor junior engineers.

About Company

Protera Technologies ( is an SAP Certified, Global Total IT Outsourcing Provider for SAP‑centric organizations founded in the mid‑1990s. We have been the SAP‑on‑cloud pioneer since running the world’s first SAP production instance on a public cloud. Today, we manage thousands of SAP and related IT workloads on Microsoft Azure, Google Cloud, and Amazon Web Services (AWS).

Headquartered in Chicago, IL, with offices in Athens, Greece, and Mumbai, India, Protera delivers world‑class cloud hosting, application management, and professional services focused on total customer satisfaction.

For more information, visit

• Work from Home set‑up
• Comprehensive medical benefits
• Gratuity, PF, EPS and Bonus, NPS
• Shift Allowances
• On‑call Allowance
• Health and wellness Allowances
• Learning and Development Allowances
• No question asked certification policy.
• Certification Bounty Bonus