Greetings from Netsach - A Cyber Security Company.

Role Summary:

We are seeking a Cybersecurity Engineer with 3-5yrs of expertise in Detection Rule Engineering, to play a pivotal role in developing a detection rule dataset for Large Language Models. The ideal candidate will have hands-on experience in creating and fine-tuning detection rules for SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) systems along with proficiency in SIGMA Rule creation and conversion. Also, the candidate is expected to have testing experience to validate the generated rules.

Job Title: Cybersecurity Engineer (Detection Rule Engineering)

Location: Noida, Chennai, Bangalore

Notice- Immediate joiners only

Experience: 3-5 yrs.

Contract duration- 6 Months to 1yrs + extension

Job Description / Responsibilities:

• Design, develop, and maintain detection rules, queries, and alerts in SIEM (Splunk preferred) and EDR (Microsoft Defender preferred) environments.
• Write custom SIEM and EDR queries corresponding to MITRE TTPs for comprehensive coverage.
• Test and validate the accuracy of developed SIEM and EDR queries and corresponding SIGMA rules.
• Establish a mechanism to translate EDR/SIEM queries to SIGMA rules and develop a comprehensive dataset of detection rules.
• Stay updated on the latest threats, vulnerabilities, and detection methodologies and apply them in rule creation.
• Collaborate with other stakeholders in application of Rules dataset for fine tuning of LLMs and RAG implementation. 

Communication and Documentation:

• Excellent written and oral communication, presentation, listening and interpersonal skills.
• Collaborating effectively with internal and external team.
• Excellent reporting, time management, analytical & communication skills.

Preferred Skills: 

• Exposure to RAG (Retrieval-Augmented Generation) and fine-tuning of LLMs for cybersecurity tasks.
• Hands-on experience with Microsoft Defender EDR and Splunk SIEM.
• Certifications such as Splunk Certified User, Microsoft Certified: Security Operations Analyst Associate, GIAC Certified Detection Analyst (GCDA), or equivalent.

Qualifications and Technical Skills:

• 2+ years of previous experience in Cybersecurity domain specializing in Detection Rule Engineering.
• Proven experience in creating and managing detection queries and rules in SIEM (Splunk) and EDR (Microsoft Defender) environments.
• Strong understanding of SIGMA rules, their use, and how to convert detection logic between different platforms.
• Experience with log analysis, threat intelligence integration, and use case development for SIEM and EDR systems.
• Deep knowledge of security event analysis, log aggregation, and threat detection methodologies.
• Familiarity with threat detection techniques like anomaly detection, behavior analytics, and indicator-based detection.
• Knowledge of network protocols, operating system internals, and security monitoring techniques.
• Scripting skills in languages such as Python, PowerShell, or bash for rule creation and automation.
• Strong troubleshooting and problem-solving skills.
• Familiarity with cybersecurity frameworks such as MITRE ATT&CK, Cyber Kill Chain, and NIST.

Thank You

Emily Jha

emily@netsach.co.in

Netsach - A Cyber Security Company

www.netsachglobal.com