Job Description
About the Role
We are looking for a Senior Security Engineer with strong experience in SIEM implementation and detection engineering to support the integration and optimization of Google SecOps within a cloud-native banking environment.
This role will focus on large-scale log ingestion, detection rule creation, alert tuning, and continuous improvement of security monitoring capabilities across AWS-based infrastructure.
Key Responsibilities
Lead integration of logs into Google SecOps from AWS and other security tools
Design and implement log ingestion pipelines (CloudTrail, VPC Flow Logs, IAM, Kubernetes, APIs)
Develop and refine detection rules and correlation logic
Reduce false positives and optimize alert quality
Implement detection use cases aligned with MITRE ATT&CK
Collaborate with SOC, Incident Response, and Cloud teams
Support audit and compliance requirements (e.g., regulatory logging standards)
Contribute to threat hunting and continuous monitoring improvements
Required Skills & Experience
5+ years in Cybersecurity
2+ years working with SIEM platforms (Google SecOps preferred)
Hands-on experience with:
SIEM rule development
Log normalization and parsing
Cloud security monitoring (AWS required)
Strong knowledge of:
AWS security logs (CloudTrail, GuardDuty, VPC Flow Logs)
Detection engineering methodologies
Threat modeling & MITRE ATT&CK
Experience reducing false positives and tuning alerts in production environments
Familiarity with query languages (UDM, KQL, SPL, or similar)
Experience in regulated environments (banking/fintech) is a strong plus
Nice to Have
Experience migrating SIEM platforms
Exposure to fraud detection use cases
Infrastructure as Code knowledge (Terraform)
Security certifications (GCIA, GCIH, CISSP, etc.)
What We’re Looking For
Strong analytical mindset
Ability to think like an attacker
Experience working in high-scale cloud environments
Comfort operating in regulated industries
Proactive, ownership-driven approach
Discover more about Capitole here
And have a look at what others think of us
We are excited to meet you!
The employee will adhere to information security policies:
- Will have access to confidential information related to Capitole and the project they are working on.
- Must comply with the security policies and internal policies of the company and the client.
- Must sign an NDA.
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Publication Date:
March 1, 2026
Job Type:
Construction
Location:
Spain
Company:
Capitole