The Senior Security Engineer – SIEM & Detection Engineering is responsible for designing, implementing, and optimizing Mattel’s SIEM, NDR, and XDR ecosystems to ensure comprehensive global detection and response coverage. This role requires deep expertise in security telemetry, log management, and detection engineering, with hands-on experience developing scalable analytics, alerts, and integrations that strengthen detection posture, accelerate response, and enhance operational efficiency.
Roles and Responsibilities
Architect, implement, and maintain SIEM infrastructure to ensure reliable log ingestion, parsing, correlation, and alerting across enterprise systems.
Develop and fine-tune detection content and analytics rules to identify suspicious or malicious activity across endpoints, networks, and cloud environments.
Manage and enhance Network Detection and Response (NDR) and Extended Detection and Response (XDR) platforms, integrating telemetry for end-to-end visibility.
Partner with the SOC and Incident Response teams to improve alert fidelity, reduce false positives, and accelerate investigation workflows.
Integrate SIEM with SOAR and automation pipelines to support rapid response and consistent case handling.
Collaborate with infrastructure and application teams to ensure comprehensive log coverage and compliance with data retention and privacy requirements.
Develop and maintain dashboards, metrics, and reporting to measure detection performance and operational efficiency.
Conduct periodic health checks, tuning, and performance optimization for SIEM and NDR solutions.
Maintain detailed documentation, playbooks, and SOPs supporting SIEM and NDR operations.
Skills and Qualifications
Required:
5–8 years of experience in security engineering, detection engineering, or SOC architecture in an enterprise environment.
Expert-level knowledge of SIEM platforms (e.g., Splunk, XSOAR, or equivalent), including onboarding, parsing, rule creation, and optimization.
Strong understanding of detection engineering, including attack chain mapping, MITRE ATT&CK coverage, and event correlation.
Experience with log source onboarding (firewalls, proxies, endpoints, cloud, identity, email systems, etc.).
Familiarity with SOAR tools and automation workflows for triage and enrichment.
Strong scripting skills (Python, PowerShell, or Bash) for rule automation, parsing, and enrichment.
Understanding of cloud detection engineering across Azure, AWS, or GCP environments.
Excellent analytical, problem-solving, and communication skills, with a focus on collaboration and data-driven decision-making.
SIEM engineering and administration (Splunk, Sentinel, etc.)
Log collection, parsing, and correlation logic development
NDR/XDR deployment and tuning (e.g., ExtraHop, Vectra, Cisco, CrowdStrike, or similar)
Detection engineering and content lifecycle management
Cloud detection coverage (Azure, AWS, GCP)
Scripting and automation (Python, PowerShell, Bash)
SOAR integration for alert enrichment and response automation
Data normalization, threat hunting, and query development
Familiarity with the MITRE ATT&CK and D3FEND frameworks
Network security, endpoint telemetry, and identity-based detection techniques
Preferred:
Bachelor’s degree in Cybersecurity, Computer Science, or related technical field, or equivalent professional experience.
Demonstrated success designing, scaling, and maintaining enterprise SIEM and detection systems.
Certifications such as GIAC Certified Detection Analyst (GCDA), GIAC Security Operations Certified (GSOC), CompTIA CySA+, ISC2 SSCP, Splunk Enterprise Security Certified Admin or Architect, or equivalent detection engineering or SIEM certification
Analytical and detail-oriented with a focus on precision and reliability
Strong communication and collaboration across technical and non-technical stakeholders
Adaptable and proactive in a fast-paced, global environment
Passion for continuous learning, innovation, and automation in security operations
Effective mentor and team contributor
Shift Timing:
05:00–14:00 PST (18:30–03:30 IST), Monday through Friday, with emergency on-call duties as needed