
Job Title:

Detection Engineer

Company: HCLTech

Location: Bangalore, Karnataka

Created: 2026-05-04

Job Type: Full Time

Job Description:

Role: Detection Engineer – Splunk, Risk Analytics & Machine Learning
Location: All HCL Prime Locations
Experience: 9+ years

We are seeking a Detection Engineer with strong Splunk Enterprise Security, Risk-Based Alerting, and security analytics experience. The role will be responsible for developing, tuning, and maintaining Splunk SPL detections, correlation searches, dashboards, and risk-based alerting rules across enterprise security data sources.

The candidate should have hands-on experience with Splunk SPL, Splunk Enterprise Security, MITRE ATT&CK, SIEM use case development, alert tuning, threat hunting, and SOC support. Exposure to Python, Pandas, NumPy, Scikit-learn, anomaly detection, clustering, and behavioral analytics is preferred.

The role involves developing high-fidelity detections, assigning contextual risk scores to users and assets, aggregating multiple low-confidence signals into high-confidence alerts, reducing false positives, supporting incident response, and improving overall security monitoring maturity.

Required Key Skills

SIEM & Splunk Skills
- Strong hands-on experience with Splunk SPL.
- Experience with Splunk Enterprise Security.
- Knowledge of correlation searches, notable events, risk rules, dashboards, and reports.
- Understanding of Splunk CIM, data models, accelerated data models, and tstats.
- Ability to onboard, validate, and analyze security log sources.
- Experience with alert tuning, false positive reduction, and detection optimization.

Detection Engineering Skills
- Strong understanding of SIEM use case development.
- Experience creating detections for endpoint, identity, network, cloud, proxy, DNS, VPN, and email logs.
- Ability to convert attacker behavior into detection logic.
- Knowledge of the detection engineering lifecycle: requirement gathering, data validation, rule development, testing, tuning, deployment, documentation, and continuous improvement.
- Familiarity with detection-as-code practices using Git, YAML, Sigma, or CI/CD pipelines.

Risk Analytics Skills
- Experience with Risk-Based Alerting.
- Ability to design entity-based risk scoring models.
- Understanding of user, host, IP, service account, and cloud identity risk.
- Knowledge of cumulative risk aggregation and alert prioritization.
- Ability to tune risk scores based on business context, asset criticality, and threat severity.
- Experience building risk dashboards and risk trend reporting.

Machine Learning & Data Analytics Skills
- Working knowledge of Python for security analytics.
- Exposure to Pandas, NumPy, Matplotlib, Scikit-learn, and Jupyter Notebook.
- Understanding of baselines, outliers, standard deviation, frequency analysis, rarity analysis, seasonality, and behavioral deviation.
- Exposure to Isolation Forest, DBSCAN, K-Means, One-Class SVM, Random Forest, Logistic Regression, and PCA.
- Ability to perform exploratory data analysis on large security datasets.
- Ability to translate ML insights into practical Splunk detections or risk scoring logic.

Cybersecurity Domain Skills
- Strong understanding of cyber threats and attacker techniques.
- Knowledge of the MITRE ATT&CK framework.
- Experience with credential theft, brute force, password spraying, MFA fatigue, privilege escalation, lateral movement, persistence, defense evasion, command-and-control, data exfiltration, insider threat, and cloud account compromise.
- Familiarity with Windows, Linux, Active Directory, Azure AD / Entra ID, AWS, firewalls, proxies, DNS, EDR, and VPN logs.

Preferred Key Skills
- Splunk Enterprise Security administration experience.
- Splunk Risk-Based Alerting implementation experience.
- Experience with Splunk Machine Learning Toolkit.
- Hands-on experience with SOAR platforms such as Splunk SOAR, Cortex XSOAR, or ServiceNow SecOps.
- Experience with EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, or Carbon Black.
- Cloud security log experience from AWS, Azure, or GCP.
- Knowledge of threat hunting methodologies.
- Experience with purple team validation and attack simulation.
- Familiarity with malware behavior, incident response, and digital forensics concepts.
- Knowledge of Sigma rules and detection-as-code frameworks.

Tools & Technologies
- SIEM: Splunk Enterprise, Splunk Enterprise Security
- Query Language: Splunk SPL
- Analytics: Python, Pandas, NumPy, Scikit-learn, Jupyter Notebook
- Security Frameworks: MITRE ATT&CK, Cyber Kill Chain
- Detection Methods: Correlation rules, risk-based alerting, anomaly detection, behavioral analytics
- Security Logs: Windows Event Logs, Sysmon, Linux logs, EDR, Firewall, Proxy, DNS, VPN, IAM, CloudTrail, Azure AD / Entra ID
- Automation: SOAR, ticketing integration, alert enrichment
- Documentation: Detection logic, use case design, runbooks, analyst response guides

Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Data Science, Information Technology, or equivalent practical experience.
- 10+ years of experience in SOC, SIEM engineering, cyber defense, threat detection, or security analytics.
- 3+ years of hands-on Splunk experience.
- Experience developing and tuning Splunk SPL-based detections.
- Exposure to Python-based analytics or machine learning exploration.
- Strong analytical, communication, and documentation skills.
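As an added illustration of the risk-based alerting workflow this posting describes (contextual risk scores per user or asset, cumulative aggregation of low-confidence signals, tuning by asset criticality), the Python below is example code written for this page; it is not HCLTech's or Splunk's code. It emulates in plain Python the pattern Splunk Enterprise Security uses with risk events and risk incident rules: each detection contributes a scored risk event to an entity, and a notable is raised only when the entity's cumulative score inside a time window, or its count of distinct ATT&CK techniques, crosses a threshold. The sample events, the criticality multipliers, the window and both thresholds are constructed assumptions for illustration, not values from the posting.

```python
"""Risk-based alerting (RBA) aggregation over constructed sample risk events.

Added example, not HCLTech or Splunk code. Each detection emits a RiskEvent
against a risk object (user or system); aggregate() groups the events per
object inside a window and promotes the object to a Notable when either the
cumulative score or the number of distinct ATT&CK techniques crosses a
threshold. Multipliers, thresholds and sample data are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed asset/identity criticality multipliers (in ES these would come
# from the asset and identity lookups rather than a constant table).
CRITICALITY_MULTIPLIER = {"critical": 2.0, "high": 1.5, "medium": 1.0, "low": 0.5}

# Assumed promotion criteria: cumulative score over the window, or the
# number of distinct techniques observed (either one is enough).
SCORE_THRESHOLD = 100.0
TECHNIQUE_THRESHOLD = 3
WINDOW = timedelta(hours=24)


@dataclass(frozen=True)
class RiskEvent:
    ts: datetime
    risk_object: str        # the user or host the detection attributes activity to
    risk_object_type: str   # "user" or "system"
    rule: str               # contributing detection name
    base_score: float       # score the risk rule assigns before context
    technique: str          # ATT&CK technique id
    criticality: str = "medium"

    @property
    def score(self) -> float:
        """Contextual score: base score scaled by the object's criticality."""
        return self.base_score * CRITICALITY_MULTIPLIER[self.criticality]


@dataclass
class Notable:
    risk_object: str
    risk_object_type: str
    total_score: float
    techniques: set[str]
    contributing: list[RiskEvent]   # the low-confidence signals behind the alert
    reasons: list[str]              # which promotion criteria fired


def aggregate(events: list[RiskEvent], now: datetime, window: timedelta = WINDOW) -> list[Notable]:
    """Group risk events per object inside the window and apply the thresholds."""
    cutoff = now - window
    by_object: dict[tuple[str, str], list[RiskEvent]] = defaultdict(list)
    for ev in events:
        if ev.ts >= cutoff:                      # stale events no longer count
            by_object[(ev.risk_object, ev.risk_object_type)].append(ev)

    notables = []
    for (obj, obj_type), evs in by_object.items():
        total = sum(e.score for e in evs)
        techniques = {e.technique for e in evs}
        reasons = []
        if total >= SCORE_THRESHOLD:
            reasons.append(f"cumulative risk {total:.0f} >= {SCORE_THRESHOLD:.0f}")
        if len(techniques) >= TECHNIQUE_THRESHOLD:
            reasons.append(f"{len(techniques)} distinct ATT&CK techniques")
        if reasons:
            notables.append(Notable(obj, obj_type, total, techniques,
                                    sorted(evs, key=lambda e: e.ts), reasons))
    return sorted(notables, key=lambda n: n.total_score, reverse=True)


# Constructed sample data (not real telemetry). NOW is fixed so the window is deterministic.
NOW = datetime(2026, 5, 4, 12, 0)
H = timedelta(hours=1)
SAMPLE_EVENTS = [
    # Four weak signals against a high-value service account: none alerts alone.
    RiskEvent(NOW - 20 * H, "svc_backup", "user", "Password Spray Success", 20, "T1110.003", "high"),
    RiskEvent(NOW - 18 * H, "svc_backup", "user", "New MFA Method Registered", 25, "T1556.006", "high"),
    RiskEvent(NOW - 10 * H, "svc_backup", "user", "Sign-in From Rare Country", 15, "T1078.004", "high"),
    RiskEvent(NOW - 2 * H, "svc_backup", "user", "Encoded PowerShell", 20, "T1059.001", "high"),
    # Repeated failed logons for a normal user: one technique, low total, stays below threshold.
    RiskEvent(NOW - 6 * H, "alice", "user", "Failed Logon Burst", 10, "T1110.001"),
    RiskEvent(NOW - 5 * H, "alice", "user", "Failed Logon Burst", 10, "T1110.001"),
    RiskEvent(NOW - 4 * H, "alice", "user", "Failed Logon Burst", 10, "T1110.001"),
    # High score but three days old: falls outside the 24h window and is ignored.
    RiskEvent(NOW - 72 * H, "alice", "user", "Impossible Travel", 80, "T1078"),
    # One event on a critical asset: the criticality multiplier alone crosses the score threshold.
    RiskEvent(NOW - 1 * H, "dc01", "system", "LSASS Memory Access", 60, "T1003.001", "critical"),
]


def run_sample() -> list[Notable]:
    return aggregate(SAMPLE_EVENTS, NOW)


if __name__ == "__main__":
    for n in run_sample():
        print(f"NOTABLE {n.risk_object_type}={n.risk_object} score={n.total_score:.0f} "
              f"techniques={sorted(n.techniques)} because {'; '.join(n.reasons)}")
        for ev in n.contributing:
            print(f"  {ev.ts:%Y-%m-%d %H:%M} {ev.rule} ({ev.technique}) +{ev.score:.1f}")
```

Running it raises two notables and suppresses alice: svc_backup is promoted both by cumulative score (120) and by spanning four techniques, while dc01 is promoted by a single event because the critical multiplier doubles its score. In Splunk ES the same aggregation is the tstats search over the Risk data model that a risk incident rule runs, grouped by risk object and summing the calculated risk score and counting distinct technique ids; the thresholds, multipliers and window are the tuning knobs the posting refers to.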
