Still looking for a job through search engines? Time to upgrade!
Instead of going through thousands of listings on your own, Jobify analyzes your CV and shows you only the jobs that truly fit you.
Over 80,000 jobs • 4,000 new every day
Free. No ads. No fine print.
The role
Nebius is looking for a highly technical, hands-on SIEM Engineer Lead to design, implement, and optimize advanced Security Information and Event Management (SIEM) capabilities. This role is responsible for developing detection strategies, improving security visibility, and driving automation across security operations processes. The ideal candidate will combine deep SIEM expertise with strong analytical and engineering skills to enhance threat detection, incident response efficiency, and security monitoring maturity. This is not a people-management position; you will provide technical guidance, mentorship, and direction to SOC analysts, security engineers, and cross-functional teams.
You’re welcome to work in our offices in Tel Aviv.
Your responsibilities will include:
- Architect, deploy, and maintain enterprise SIEM platforms and related security monitoring infrastructure.
- Develop and optimize detection rules, correlation logic, and alert mechanisms to identify security threats and anomalous activity.
- Design and implement log ingestion pipelines, normalization, and enrichment processes across diverse data sources.
- Continuously improve detection coverage by analyzing threat intelligence, attacker techniques, and emerging vulnerabilities.
- Create and maintain dashboards, reports, and metrics to support security visibility and operational decision-making.
- Drive automation of security monitoring and response workflows using scripting, APIs, and orchestration tools.
- Perform tuning and performance optimization of SIEM platforms to ensure scalability and reliability.
- Conduct threat hunting activities and support complex security investigations using SIEM data.
- Collaborate with engineering, infrastructure, and security stakeholders to integrate new log sources and telemetry.
- Develop documentation, standards, and best practices for SIEM configuration, logging, and detection engineering.
- Create APIs and interfaces that enable AI agents to query the SIEM, pull evidence, and execute actions.
We expect you to have:
- 5+ years of experience in cybersecurity with strong focus on SIEM engineering or security monitoring.
- Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, CrowdStrike, Elastic, or similar.
- Strong knowledge of log analysis, event correlation, and detection engineering.
- Experience with data pipelines, log parsing, and schema design.
- Experience with SOAR platforms and security automation.
- Experience with scripting or programming (e.g., Python, PowerShell, Bash) for automation and integrations.
- Solid understanding of network protocols, operating systems, cloud environments, and common attack techniques.
- Familiarity with frameworks such as MITRE ATT&CK, NIST, or CIS for detection mapping and security controls.
- Experience integrating threat intelligence and security tools with SIEM platforms.
- Knowledge of cloud logging and monitoring (AWS, Azure, GCP).
- Strong knowledge of Kubernetes architecture and security concepts.
- Experience with Terraform, CI/CD pipelines, and detection-as-code workflows.
It will be an added bonus if you have:
- Experience building and deploying LLM-based AI agents.
- Experience in transitioning from manual SOC to AI-augmented operations.
- Relevant security certifications.
- Certification in cloud computing, including administration, development, engineering, or architecture.
- Knowledge of AI safety and reliability: guardrails, validation, and human oversight mechanisms.