Detection Engineer (Bengaluru)

07 May | HCLTech | Bengaluru

Role: Detection Engineer – Splunk, Risk Analytics & Machine Learning
Location: All HCL Prime Locations
Experience: 9+ years

We are seeking a Detection Engineer with strong Splunk Enterprise Security, Risk-Based Alerting, and security analytics experience. The role will be responsible for developing, tuning, and maintaining Splunk SPL detections, correlation searches, dashboards, and risk-based alerting rules across enterprise security data sources.
The candidate should have hands-on experience with Splunk SPL, Splunk Enterprise Security, MITRE ATT&CK, SIEM use case development, alert tuning, threat hunting, and SOC support. Exposure to Python, Pandas, NumPy, Scikit-learn, anomaly detection, clustering, and behavioral analytics is preferred.
The role involves developing high-fidelity detections, assigning contextual risk scores to users and assets, aggregating multiple low-confidence signals into high-confidence alerts, reducing false positives, supporting incident response, and improving overall security monitoring maturity.

Required Key Skills
SIEM & Splunk Skills
Strong hands-on experience with Splunk SPL.
Experience with Splunk Enterprise Security.
Knowledge of correlation searches, notable events, risk rules, dashboards, and reports.
Understanding of Splunk CIM, data models, accelerated data models, and tstats.
Ability to onboard, validate, and analyze security log sources.
Experience with alert tuning, false positive reduction, and detection optimization.
Detection Engineering Skills
Strong understanding of SIEM use case development.
Experience creating detections for endpoint, identity, network, cloud, proxy, DNS, VPN, and email logs.
Ability to convert attacker behavior into detection logic.
Knowledge of the detection engineering lifecycle: requirement gathering, data validation, rule development, testing, tuning, deployment, documentation, and continuous improvement.
Familiarity with detection-as-code practices using Git, YAML, Sigma, or CI/CD pipelines.
Risk Analytics Skills
Experience with Risk-Based Alerting.
Ability to design entity-based risk scoring models.
Understanding of user, host, IP, service account, and cloud identity risk.
Knowledge of cumulative risk aggregation and alert prioritization.
Ability to tune risk scores based on business context, asset criticality, and threat severity.
Experience building risk dashboards and risk trend reporting.
Machine Learning & Data Analytics Skills
Working knowledge of Python for security analytics.
Exposure to Pandas, NumPy, Matplotlib, Scikit-learn, and Jupyter Notebook.
Understanding of baselines, outliers, standard deviation, frequency analysis, rarity analysis, seasonality, and behavioral deviation.
Exposure to Isolation Forest, DBSCAN, K-Means, One-Class SVM, Random Forest, Logistic Regression, and PCA.
Ability to perform exploratory data analysis on large security datasets.
Ability to translate ML insights into practical Splunk detections or risk scoring logic.
Cybersecurity Domain Skills
Strong understanding of cyber threats and attacker techniques.
Knowledge of the MITRE ATT&CK framework.
Experience with credential theft, brute force, password spraying, MFA fatigue, privilege escalation, lateral movement, persistence, defense evasion, command-and-control, data exfiltration, insider threat, and cloud account compromise.
Familiarity with Windows, Linux, Active Directory, Azure AD / Entra ID, AWS, firewalls, proxies, DNS, EDR, and VPN logs.
Preferred Key Skills
Splunk Enterprise Security administration experience.
Splunk Risk-Based Alerting implementation experience.
Experience with Splunk Machine Learning Toolkit.
Hands-on experience with SOAR platforms such as Splunk SOAR, Cortex XSOAR, or ServiceNow SecOps.
Experience with EDR tools such as CrowdStrike, Microsoft Defender, SentinelOne, or Carbon Black.
Cloud security log experience from AWS, Azure, or GCP.
Knowledge of threat hunting methodologies.
Experience with purple team validation and attack simulation.
Familiarity with malware behavior, incident response, and digital forensics concepts.
Knowledge of Sigma rules and detection-as-code frameworks.
Tools & Technologies
SIEM: Splunk Enterprise, Splunk Enterprise Security
Query Language: Splunk SPL
Analytics: Python, Pandas, NumPy, Scikit-learn, Jupyter Notebook
Security Frameworks: MITRE ATT&CK, Cyber Kill Chain
Detection Methods: Correlation rules, risk-based alerting, anomaly detection, behavioral analytics
Security Logs: Windows Event Logs, Sysmon, Linux logs, EDR, Firewall, Proxy, DNS, VPN, IAM, CloudTrail, Azure AD / Entra ID
Automation: SOAR, ticketing integration, alert enrichment
Documentation: Detection logic, use case design, runbooks, analyst response guides
Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Data Science, Information Technology, or equivalent practical experience.
10+ years of experience in SOC, SIEM engineering, cyber defense, threat detection, or security analytics.
3+ years of hands-on Splunk experience.
Experience developing and tuning Splunk SPL-based detections.
Exposure to Python-based analytics or machine learning exploration.
Robust analytical, communication, and documentation skills.
