Security Engineer, Threat Detection en Workato

Responsibilities

At Workato, security is at the core of everything we do. We are seeking a proactive and detail-oriented Security Engineer – Threat Detection to join our expanding Security team in India. In this role, you will be pivotal in optimising and enhancing the performance of our Security Information and Event Management (SIEM) platform.

Your primary responsibility will be to maintain, manage, and enhance the SIEM system by integrating critical log sources and overseeing the entire data lifecycle within the platform. You will play a key role in advancing threat detection capabilities by strategically creating, fine-tuning, and optimizing detection rules to improve accuracy and reduce false alerts.

As a central figure in our security operations, you will ensure the SIEM effectively aggregates, processes, and manages security-relevant data from diverse endpoints—including cloud environments, source control management (SCM) systems, applications, servers, workstations, and network devices. You will collaborate closely with the Incident Response team to conduct deep-dive analyses of security incidents and actively participate in daily on-call rotations.

If you are passionate about automating threat detection, streamlining security workflows, and driving innovation at scale, this is an excellent opportunity for you!

In this role, you will also be responsible to:

• Design, develop, implement, and continuously refine custom detection rules within the SIEM to identify emerging and potential security threats tailored to our network infrastructure, industry standards, and evolving threat landscape.

• Analyze and optimize existing detection rules to enhance accuracy, minimize false positives and negatives, and improve overall alert quality, reducing alert fatigue and boosting the signal-to-noise ratio.

• Collaborate closely with security teams and other key stakeholders to gather requirements, incorporate feedback, and collectively improve the SIEM’s threat detection capabilities.

• Utilize both out-of-the-box and custom-built detection rules to effectively address the organization’s unique security posture and risk profile.

• Oversee ingestion of logs and telemetry from a broad range of security and operational sources, ensuring data integrity, accurate parsing, and efficient storage for timely threat analysis.

• Apply deep expertise in security monitoring principles, threat detection methodologies, and incident response workflows to continually improve detection strategies and operational readiness.

• Maintain comprehensive documentation of detection rules, tuning activities, and SIEM configuration changes; create dashboards and generate insightful reports for management to highlight data trends and security posture.

• Stay current with the latest security threats, vulnerabilities, and advancements in SIEM technologies, particularly within the Microsoft Sentinel ecosystem, to drive ongoing improvement and innovation.

• Provide technical expertise during security audits, compliance assessments (e.g., SOC 2, ISO 27001), and risk evaluations; collaborate with compliance teams to ensure log retention and data management meet regulatory and internal standards.

Requirements

Qualifications / Experience / Technical Skills

• 3 to 6 years of hands-on experience in threat detection, SIEM management, and Security Operations in SaaS or cloud-based environments.

• Proven expertise with leading SIEM platforms and strong skills in the full lifecycle of detection rule creation, fine-tuning, and optimization to improve threat detection accuracy and reduce false positives.

• In-depth knowledge of managing data ingestion from diverse security and operational sources, with a solid understanding of data from servers, workstations, network devices, cloud environments, and security tools.

• Strong understanding of security monitoring principles, threat detection methodologies, incident response workflows, and common cyberattack vectors.

• Expertise in AWS cloud platform with the ability to identify critical log sources for ingestion; familiarity with cloud security best practices across AWS (Preferred), Azure, and GCP.

• Experience with SOAR platforms such as Workato, Palo Alto XSOAR, or Splunk SOAR, and proficiency in scripting and automation using Python, PowerShell, or Workato recipes.

• Familiarity with security compliance frameworks like SOC 2, ISO 27001, GDPR, and other relevant regulations.

• Relevant security certifications such as CISSP, AWS Certified Security – Specialty, GIAC (GCIH, GCIA), Certified Cloud Security Professional (CCSP).

• Willingness to travel occasionally within India and internationally as required.

Soft Skills / Personal Characteristics

• Strong problem-solving and analytical skills with an automation-first mindset.

• Excellent communication and collaboration skills to work across teams.

• Ability to work independently and manage multiple tasks effectively in a fast-paced environment

(REQ ID: 2336)