Lead SIEM Analyst - CrowdStrike , Cribl

Company: Blue Yonder
Company: Blue Yonder
Location: Bangalore
Commitment: Full time
Posted on: 2026-03-04 05:04
Scope :This role will focus on building, operating, and continuously improving SIEM capabilities that enable proactive threat detection, efficient investigations, and scalable security monitoring across a global, cloud-first enterprise.What You’ll do:Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEMLead onboarding of new log sources, including development of custom parsers, field normalization, and data validationBuild, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CKCreate and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirementsUse CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysisDesign and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformationDevelop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflowsPartner with SOC analysts, cloud teams, and platform owners to ensure high-quality, security-relevant telemetryAct as a technical escalation point for SIEM-related investigations and incident responseContinuously improve detection fidelity, data quality, and SIEM performanceSupport audit and compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) through monitoring, reporting, and evidence generationDocument SIEM architecture, data flows, detection logic, and operational runbooksSecurity Tech Stack / ToolsSIEM & DetectionCrowdStrike NGSIEM (primary)Splunk (acceptable alternative where NGSIEM experience is not available)Detection engineering, correlation rules, dashboards, and alertingLog & Data EngineeringCribl (pipelines, routing, enrichment, filtering)Custom parser development and log normalizationAutomation & IntegrationPython, PowerShellREST APIs, WebhooksAutomation for SIEM operations and integrationsAny SOAR Tool ExperienceWhat We’re Looking For5 - 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoringStrong hands-on experience with CrowdStrike NGSIEM is requiredCandidates without NGSIEM experience must demonstrate deep, hands-on SIEM engineering experience using Splunk in enterprise environmentsProven experience developing custom parsers and onboarding diverse log sourcesHands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languagesStrong experience building detection rules, dashboards, and alerting for SOC operationsHands-on experience with Cribl for log routing, enrichment, and pipeline optimizationExperience with automation and API-based integrationsSolid understanding of security telemetry, log formats, and large-scale log ingestion architecturesAbility to work effectively in a global, fast-paced environmentPreferred Skills / Nice to HaveCrowdStrike Certified Security Engineer (CCSE) – strong plusExperience supporting SOC or MSSP environmentsFamiliarity with compliance-driven monitoring (PCI-DSS, ISO 27001, SOC 2)Experience leading SIEM modernization or large-scale onboarding initiativesStrong communication skills and ability to collaborate across engineering and security teamsOur ValuesIf you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core ValuesAll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
View Original Job Posting