
TC-CS-CDR-NG SIEM-Senior

Location:  Trivandrum
Other locations:  Anywhere in Country
Salary: Competitive
Date:  May 7, 2026

Job description

Requisition ID:  1696275

At EY, we’re all in to shape your future with confidence. 

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. 

Join EY and help to build a better working world. 
NGSIEM JD details for Senior
Senior

Role Summary

The NG SIEM Senior role leads ingestion engineering, detection creation, and integrated case management and correlation workflows. This role partners with threat, cloud, and IR teams to enhance automation, reduce noise, and strengthen the SIEM–SOAR ecosystem.
Key Responsibilities

  • Lead onboarding of strategic log sources via Cribl, cloud collectors, and API pipelines.
  • Build and optimize parsing, normalization, and enrichment logic.
  • Create advanced detections mapped to MITRE ATT&CK using SPL/KQL/CQL/CQL-Advanced.
  • Design and optimize correlation logic using Fusion/ML-based engines.
  • Lead tuning and noise-reduction activities for Fusion correlation rules.
  • Oversee case lifecycle management: triage workflows, enrichments, severity logic, and SLA tracking.
  • Develop and maintain SOAR playbooks for automated enrichment, notifications, and containment tasks.
  • Integrate external systems (EDR, IAM, Email, Firewall) into SOAR workflows.
  • Conduct root-cause analysis for ingestion and correlation gaps.
  • Collaborate with Threat Intel and Detection teams for new use cases.
  • Leverage AI assistants like Charlotte AI and Sentinel Copilot to optimize detection creation, accelerate query building, and reduce investigation time.
  • Integrate Microsoft Sentinel with Copilot to enable AI-driven incident summarization, RCA assistance, KQL generation, and automated SOC workflows.
  • Evaluate and implement AI‑powered SOAR capabilities, including automated enrichment, clustering of similar alerts, and anomaly‑based playbook triggers.
Skills & Experience

  • 3–6 years in SIEM engineering or SOC detection.
  • Strong hands-on experience with Fusion Correlation Engine (CrowdStrike), Azure Sentinel Analytics, or Splunk ES Correlation Searches.
  • Experience creating/maintaining SOAR playbooks (Fusion workflows, Sentinel Logic Apps, Splunk SOAR).
  • Deep knowledge of case management workflows and alert lifecycle governance.
  • Strong in ingestion engineering using Cribl Stream & Lake.
  • Expertise in SPL, KQL, CQL query languages.
  • Understanding of data models, schemas, threat modelling.
EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
