Canary Wharfian - Online Investment Banking & Finance Community.

TC-CS-CDR-NG SIEM-Senior

Experienced | No visa sponsorship
at Ernst & Young

Big Four

Posted 5 days ago

**NG SIEM Senior (TC-CS-CDR-NG SIEM-Senior)**

  • **Lead** SIEM engineering, detection creation, integrated case management.
  • **Collaborate with** threat, cloud, and IR teams to enhance automation and strengthen the SIEM-SOAR ecosystem.
  • **Key responsibilities include**: ingestion engineering, detection creation (MITRE ATT&CK), correlation workflow design, case lifecycle management, SOAR playbook development, external system integration, and threat intel collaboration.
  • **Require** 3-6 years of SIEM/SOC detection experience, hands-on experience with CrowdStrike, Azure Sentinel, Splunk, Cribl, expertise in query languages (SPL, KQL, CQL), and knowledge of case management workflows.
  • **Deploy AI assistants** like Charlotte AI and Sentinel Copilot for detection optimization and AI-driven incident summarization.
  • **Join EY to** help build a better working world, benefiting clients, people, society, and the planet.

Compensation
Not specified

Currency: Not specified

City
Not specified
Country
India

Full Job Description

At EY, we're all in to shape your future with confidence.

We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world. 

 

NG SIEM JD details for Senior

 

Senior

Role Summary

The NG SIEM Senior role leads ingestion engineering, detection creation, and integrated case management and correlation workflows. This role partners with threat, cloud, and IR teams to enhance automation, reduce noise, and strengthen the SIEM-SOAR ecosystem.

 

Key Responsibilities

  • Lead onboarding of strategic log sources via Cribl, cloud collectors, API pipelines.
  • Build and optimize parsing, normalization, and enrichment logic.
  • Create advanced detections mapped to MITRE ATT&CK using SPL/KQL/CQL/CQL-Advanced.
  • Design and optimize correlation logic using Fusion/ML-based engines.
  • Lead tuning and noise-reduction activities for Fusion correlation rules.
  • Oversee case lifecycle management: triage workflows, enrichments, severity logic, and SLA tracking.
  • Develop and maintain SOAR playbooks for automated enrichment, notifications, containment tasks.
  • Integrate external systems (EDR, IAM, Email, Firewall) into SOAR workflows.
  • Conduct root-cause analysis for ingestion and correlation gaps.
  • Collaborate with Threat Intel and Detection teams for new use cases.
  • Leverage AI assistants like Charlotte AI and Sentinel Copilot to optimize detection creation, accelerate query building, and reduce investigation time.
  • Integrate Microsoft Sentinel with Copilot to enable AI-driven incident summarization, RCA assistance, KQL generation, and automated SOC workflows.
  • Evaluate and implement AI-powered SOAR capabilities, including automated enrichment, clustering of similar alerts, and anomaly-based playbook triggers.

 

Skills & Experience

  • 3-6 years in SIEM engineering or SOC detection.
  • Strong hands-on experience with Fusion Correlation Engine (CrowdStrike), Azure Sentinel Analytics, or Splunk ES Correlation Searches.
  • Experience creating/maintaining SOAR playbooks (Fusion workflows, Sentinel Logic Apps, Splunk SOAR).
  • Deep knowledge of case management workflows and alert lifecycle governance.
  • Strong in ingestion engineering using Cribl Stream & Lake.
  • Expertise in SPL, KQL, CQL query languages.
  • Understanding of data models, schemas, threat modelling.

 

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
