CLOUD SECURITY ENGINEER - 489078
Oakville, Canada
Siemens Digital Industries Software is driving transformation to enable a digital enterprise where engineering, manufacturing and electronics design meet tomorrow. Our solutions help companies of all sizes create and leverage digital twins that provide organizations with new insights, opportunities and levels of automation to drive innovation.
Company Overview:
Siemens, a leading software organization, is seeking a highly skilled and motivated Cloud Security (Detection) Engineer to join our dynamic and innovative team. As a company committed to harnessing the power of cloud technologies on our SaaS journey, we are seeking an experienced professional to enhance our threat detection engineering capabilities to ensure the security and integrity of our cloud-based workloads.
Role Overview:
As a Cloud Security (Detection) Engineer, you will be responsible for designing, developing, tuning, and maintaining high fidelity detection logic and alerting within our SIEM platform. A successful candidate in this role will implement the necessary logic to identify malicious activity and reduce the alerting fatigue of our Security Operations Center (SOC) analysts.
Responsibilities:
This role spans numerous domains including, but not limited to, threat intelligence, security operations, and engineering, to translate TTPs (tactics, techniques, and procedures) into reliable detections. Additionally, you will implement automated testing and validation of these alerts as well as optimize their performance and the signal-to-noise ratio, thus enabling effective incident response through high-quality telemetry and contextual enrichment. Some of the specific responsibilities which fall under these domains include the following:
• Design and implement SIEM detection rules, correlation logic, and analytics to identify adversary activity across logs, network telemetry, endpoint data, cloud services, and identity systems.
• Translate threat intelligence and SOC feedback into prioritized detections and use cases.
• Author and maintain parsers, normalization, and enrichment pipelines to ensure consistent data collection which maps to specific standards (OCSF, CIM, etc.).
• Tune alerts to reduce false positives and improve signal-to-noise; define and measure alert health metrics such as MTTA and MTTR.
• Create and maintain detection testing artifacts (unit tests, synthetic data, and playbooks) to validate detection coverage and their efficacy.
• Partner with SOC analysts and incident responders to refine detections and implement playbooks for triage and escalation.
• Perform performance optimization on detection queries and correlation rules to scale with increases in data ingestion volumes.
• Maintain documentation: use cases, runbooks, and detection logic to name a few.
• Conduct periodic reviews of detection coverage against known threats and perform gap analyses.
• Participate in threat-hunting exercises and "Purple Team" engagements to discover new detection opportunities.
• Collaborate with the SIEM and security engineering teams on data collection, logging standards, and instrumentation to ensure required telemetry is available.
• Monitor and respond to detection regressions after SIEM upgrades or major changes to data sources.
• Participate in incident response efforts, coordinating with internal teams and cloud providers to contain and remediate security breaches.
• Stay up-to-date with the latest security threats, vulnerabilities, and best practices as they relate to detection engineering and cloud security as a whole.
• Provide guidance and training to other team members to enhance overall detection engineering and threat hunting knowledge within the organization.
Requirements:
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Extensive experience working with SIEM platforms, with a strong focus on detection engineering and threat hunting.
• Strong understanding of cloud security principles, architecture, and best practices.
• Experience with cloud-native security tools and services.
• Relevant industry certifications (e.g., Splunk Architect, CISSP, etc.) are a plus.
• Solid scripting and automation skills (Python, Bash, PowerShell, etc.).
• Excellent problem-solving and communication skills with the ability to work collaboratively in a team-oriented environment.
• Experience with Infrastructure as Code technologies like CloudFormation and Terraform to deploy infrastructure programmatically.
• Proficient using CI/CD tooling and processes to deploy threat detection rules and automation using pipelines.
• Strong query language skills (SPL, KQL, etc.) and experience optimizing queries for performance and accuracy.
Join our team to help shape and secure the future of our cloud-based systems while contributing to the success of our organization as a whole. If you are a proactive, adaptable, and detail-oriented professional with a passion for cloud security, we encourage you to apply and be part of our exciting journey.
This position will be subject to U.S. export control requirements under the International Traffic in Arms Regulations (ITAR) and/or Export Administration Regulations (EAR). Employment is contingent on either verifying the U.S. Person status or obtaining any necessary export license.
Why us?
Working at Siemens Software means flexibility: choosing between working at home and working at the office is the norm here. We offer great benefits and rewards, as you'd expect from a world leader in industrial software.
A collection of over 377,000 minds building the future one day at a time in over 200 countries. We're dedicated to equality, and we welcome applications that reflect the diversity of the communities we work in. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and creativity and help us shape tomorrow!
Siemens Software. Transform the Everyday with Us
#LI-PLM #LI-HYBRID