
Detection Engineer

HCLTech

Location

Bengaluru, Karnataka, India

Salary

Not specified

Type

fulltime

Posted

Today

via linkedin

Job Description

Role: Detection Engineer – Splunk, Risk Analytics & Machine Learning

Location: All HCL Prime Locations

Experience: 9+ years

We are seeking a Detection Engineer with strong Splunk Enterprise Security, Risk-Based Alerting, and security analytics experience. The role will be responsible for developing, tuning, and maintaining Splunk SPL detections, correlation searches, dashboards, and risk-based alerting rules across enterprise security data sources.

The candidate should have hands-on experience with Splunk SPL, Splunk Enterprise Security, MITRE ATT&CK, SIEM use case development, alert tuning, threat hunting, and SOC support. Exposure to Python, Pandas, NumPy, Scikit-learn, anomaly detection, clustering, and behavioral analytics is preferred.

The role involves developing high-fidelity detections, assigning contextual risk scores to users and assets, aggregating multiple low-confidence signals into high-confidence alerts, reducing false positives, supporting incident response, and improving overall security monitoring maturity.

Required Key Skills

SIEM & Splunk Skills

  • Strong hands-on experience with Splunk SPL.
  • Experience with Splunk Enterprise Security.
  • Knowledge of correlation searches, notable events, risk rules, dashboards, and reports.
  • Understanding of Splunk CIM, data models, accelerated data models, and tstats.
  • Ability to onboard, validate, and analyze security log sources.
  • Experience with alert tuning, false positive reduction, and detection optimization.

Detection Engineering Skills

  • Strong understanding of SIEM use case development.
  • Experience creating detections for endpoint, identity, network, cloud, proxy, DNS, VPN, and email logs.
  • Ability to convert attacker behavior into detection logic.
  • Knowledge of the detection engineering lifecycle: requirement gathering, data validation, rule development, testing, tuning, deployment, documentation, and continuous improvement.
  • Familiarity with detection-as-code practices using Git, YAML, Sigma, or CI/CD pipelines.

Risk Analytics Skills

  • Experience with Risk-Based Alerting.
  • Ability to design entity-based risk scoring models.
  • Understanding of user, host, IP, service account, and cloud identity risk.
  • Knowledge of cumulative risk aggregation and alert prioritization.
  • Ability to tune risk scores based on business context, asset criticality, and threat severity.
  • Experience building risk dashboards and risk trend reporting.

Machine Learning & Data Analytics Skills

  • Working knowledge of Python for security analytics.
  • Exposure to Pandas, NumPy, Matplotlib, Scikit-learn, and Jupyter Notebook.
  • Understanding of baselines, outliers, standard deviation, frequency analysis, rarity analysis, seasonality, and behavioral deviation.
  • Exposure to Isolation Forest, DBSCAN, K-Means, One-Class SVM, Random Forest, Logistic Regression, and PCA.
  • Ability to perform exploratory data analysis on large security datasets.
  • Ability to translate ML insights into practical Splunk detections or risk scoring logic.

Cybersecurity Domain Skills

  • Strong understanding of cyber threats and attacker techniques.
  • Knowledge of the MITRE ATT&CK framework.
  • Experience with credential theft, brute force, password spraying, MFA fatigue, privilege escalation, lateral movement, persistence, defense evasion, command-and-control, data exfiltration, insider threat, and cloud account compromise.
  • Familiarity with Windows, Linux, Active Directory, Azure AD / Entra ID, AWS, firewalls, proxies, DNS, EDR, and VPN logs.

Preferred Key Skills

  • Splunk Enterprise Security administration experience.
  • Splunk Risk-Based Alerting implementation experience.
  • Experience with Splunk Machine Learning Toolkit.
  • Hands-on experience with SOAR platforms such as Splunk SOAR, Cortex XSOAR, or ServiceNow SecOps.
  • Experience with EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, or Carbon Black.
  • Cloud security log experience from AWS, Azure, or GCP.
  • Knowledge of threat hunting methodologies.
  • Experience with purple team validation and attack simulation.
  • Familiarity with malware behavior, incident response, and digital forensics concepts.
  • Knowledge of Sigma rules and detection-as-code frameworks.

Tools & Technologies

  • SIEM: Splunk Enterprise, Splunk Enterprise Security
  • Query Language: Splunk SPL
  • Analytics: Python, Pandas, NumPy, Scikit-learn, Jupyter Notebook
  • Security Frameworks: MITRE ATT&CK, Cyber Kill Chain
  • Detection Methods: Correlation rules, risk-based alerting, anomaly detection, behavioral analytics
  • Security Logs: Windows Event Logs, Sysmon, Linux logs, EDR, Firewall, Proxy, DNS, VPN, IAM, CloudTrail, Azure AD / Entra ID
  • Automation: SOAR, ticketing integration, alert enrichment
  • Documentation: Detection logic, use case design, runbooks, analyst response guides

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Data Science, Information Technology, or equivalent practical experience.
  • 10+ years of experience in SOC, SIEM engineering, cyber defense, threat detection, or security analytics.
  • 3+ years of hands-on Splunk experience.
  • Experience developing and tuning Splunk SPL-based detections.
  • Exposure to Python-based analytics or machine learning exploration.
  • Strong analytical, communication, and documentation skills.
