Manager - Security Engineering & AI Operations
Role Summary
The Manager - Security Engineering & AI Operations will lead the Platform Security Engineering team responsible for designing, implementing, optimizing, and innovating across multiple SIEM platforms, including Microsoft Sentinel, FortiSIEM, and Splunk. The role focuses on strengthening detection engineering, automation, and AI-driven capabilities within the SOC to improve threat detection, operational efficiency, and platform performance.
Job Description
- Platform Engineering & Optimization
- Lead the design, deployment, and optimization of Microsoft Sentinel, FortiSIEM, and Splunk environments
- Oversee log onboarding, parsing, normalization, enrichment, and retention strategies to ensure optimal visibility and cost efficiency
- Continuously refine data ingestion and connector configurations for high fidelity and reduced noise
- Implement best practices for platform health, scalability, and high availability
- Establish and maintain dashboards for platform monitoring, ingestion metrics, and performance reporting
- Detection Engineering & Threat Analytics
- Develop and manage advanced detection rules, correlation logic, and analytics across all SIEM platforms
- Oversee the rule lifecycle process (creation, validation, tuning, and decommissioning) to minimize false positives
- Implement and standardize use cases for different threat categories (e.g., insider threats, cloud abuse, identity compromise)
- Coordinate with SOC analysts to validate and enhance alert logic through feedback loops
- Maintain a robust Detection Use Case Repository mapped to frameworks like MITRE ATT&CK
- AI, Automation & Innovation
- Integrate AI and ML-driven analytics into detection and response workflows
- Leverage Microsoft Security Copilot, Sentinel Analytics, and FortiSIEM ML features to improve automation and insight generation
- Build and enhance SOAR (Security Orchestration, Automation, and Response) playbooks for automated response
- Drive initiatives for AI-assisted threat hunting, alert summarization, and anomaly detection
- Experiment with LLM-driven capabilities for query generation, enrichment, and threat summarization
- Leadership & Collaboration
- Lead and mentor the Platform Security Engineers, ensuring skill growth and technical excellence
- Collaborate with the SOC Manager, Threat Hunting, and Incident Response teams to align detection strategies with business risks
- Work closely with IT and Cloud teams to ensure log source coverage from on-prem, hybrid, and multi-cloud environments
- Drive a continuous improvement culture focused on innovation, efficiency, and measurable impact
- Governance, Reporting & Continuous Improvement
- Define key metrics to measure detection coverage, platform efficiency, and automation success
- Review and report on ingestion costs, rule performance, and alerting efficiency
- Ensure adherence to internal standards, documentation, and change management processes
- Evaluate emerging SIEM and AI technologies for potential adoption
Person Specification
- Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field
- Master's degree in Cybersecurity or an AI-related field is an added advantage
- 5+ years in cybersecurity operations, including a minimum of 3 years in SIEM engineering or detection engineering
- Proven experience managing or leading a technical SOC engineering or detection team
- Strong hands-on experience with at least two of the following platforms:
- Microsoft Sentinel (KQL, workbooks, analytics, playbooks, data connectors)
- FortiSIEM (rules, aggregation policies, CMDB, analytics)
- Splunk Enterprise/Splunk Cloud (SPL, dashboards, data models, Enterprise Security)
- Experience in AI/ML integration, SOAR automation, or UEBA solutions is preferred
- Good understanding of MITRE ATT&CK, NIST CSF, and incident response frameworks
- Familiarity with Azure, GCP, and AWS security controls and log sources