Security Engineer, Threat Detection

About Workato

Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration Workato helps businesses globally streamline operations by connecting data processes applications and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time driving efficiency and agility.

Trusted by a community of 400000 global customers Workato empowers organizations of every size to unlock new value and lead in todays fast-changing world. Learn how Workato helps businesses of all sizes achieve more at .

Why join us

Ultimately Workato believes in fostering a flexible trust-oriented culture that empowers everyone to take full ownership of their roles . We are driven by innovation and looking for team players who want to actively build our company.

But we also believe in balancing productivity with self-care . Thats why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley please submit an application. We look forward to getting to know you!

Also feel free to check out why :

Business Insider named us an enterprise startup to bet your career on

Forbes Cloud 100 recognized us as one of the top 100 private cloud companies in the world

Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area and 96th in North America

Quartz ranked us the #1 best company for remote workers

Responsibilities

At Workato security is at the core of everything we do. We are seeking a proactive and detail-oriented Security Engineer Threat Detection to join our expanding Security team in this role you will be pivotal in optimising and enhancing the performance of our Security Information and Event Management (SIEM) platform.

Your primary responsibility will be to maintain manage and enhance the SIEM system by integrating critical log sources and overseeing the entire data lifecycle within the platform. You will play a key role in advancing threat detection capabilities by strategically creating fine-tuning and optimizing detection rules to improve accuracy and reduce false alerts.

As a central figure in our security operations you will ensure the SIEM effectively aggregates processes and manages security-relevant data from diverse endpointsincluding cloud environments source control management (SCM) systems applications servers workstations and network devices. You will collaborate closely with the Incident Response team to conduct deep-dive analyses of security incidents and actively participate in daily on-call rotations.

If you are passionate about automating threat detection streamlining security workflows and driving innovation at scale this is an excellent opportunity for you!

In this role y ou will also be responsible to :

Design develop implement and continuously refine custom detection rules within the SIEM to identify emerging and potential security threats tailored to our network infrastructure industry standards and evolving threat landscape.

Analyze and optimize existing detection rules to enhance accuracy minimize false positives and negatives and improve overall alert quality reducing alert fatigue and boosting the signal-to-noise ratio.

Collaborate closely with security teams and other key stakeholders to gather requirements incorporate feedback and collectively improve the SIEMs threat detection capabilities.

Utilize both out-of-the-box and custom-built detection rules to effectively address the organizations unique security posture and risk profile.

Oversee ingestion of logs and telemetry from a broad range of security and operational sources ensuring data integrity accurate parsing and efficient storage for timely threat analysis.

Apply deep expertise in security monitoring principles threat detection methodologies and incident response workflows to continually improve detection strategies and operational readiness.

Maintain comprehensive documentation of detection rules tuning activities and SIEM configuration changes; create dashboards and generate insightful reports for management to highlight data trends and security posture.

Stay current with the latest security threats vulnerabilities and advancements in SIEM technologies particularly within the Microsoft Sentinel ecosystem to drive ongoing improvement and innovation.

Provide technical expertise during security audits compliance assessments (e.g. SOC 2 ISO 27001) and risk evaluations; collaborate with compliance teams to ensure log retention and data management meet regulatory and internal standards.

Requirements

Qualifications / Experience / Technical Skills

3 to 6 years of hands-on experience in threat detection SIEM management and Security Operations in SaaS or cloud-based environments.

Proven expertise with leading SIEM platforms and strong skills in the full lifecycle of detection rule creation fine-tuning and optimization to improve threat detection accuracy and reduce false positives.

In-depth knowledge of managing data ingestion from diverse security and operational sources with a solid understanding of data from servers workstations network devices cloud environments and security tools.

Strong understanding of security monitoring principles threat detection methodologies incident response workflows and common cyberattack vectors.

Expertise in AWS cloud platform with the ability to identify critical log sources for ingestion; familiarity with cloud security best practices across AWS (Preferred) Azure and GCP.

Experience with SOAR platforms such as Workato Palo Alto XSOAR or Splunk SOAR and proficiency in scripting and automation using Python PowerShell or Workato recipes.

Familiarity with security compliance frameworks like SOC 2 ISO 27001 GDPR and other relevant regulations.

Relevant security certifications such as CISSP AWS Certified Security Specialty GIAC (GCIH GCIA) Certified Cloud Security Professional (CCSP).

Willingness to travel occasionally within India and internationally as required.

Soft Skills / Personal Characteristics

Strong problem-solving and analytical skills with an automation-first mindset.

Excellent communication and collaboration skills to work across teams.

Ability to work independently and manage multiple tasks effectively in a fast-paced environment

(REQ ID : 2336)

Key Skills

Splunk,IDS,Network security,Computer Networking,Identity & Access Management,PKI,PCI,NIST Standards,Security System Experience,Information Security,Encryption,Siem

Employment Type : Full Time

Experience : years

Vacancy : 1