"Alerted.org

Senior Cloud SIEM Engineer

Job Category: Engineering & Cloud

Meet Our Team:

Pega is The Enterprise Transformation Company that helps organizations Build for Change with enterprise AI decisioning and workflow automation. We offer a commercial SaaS version of our industry-leading platform to our global clients. Pega was recently recognized as one of the “Top 10 Tech Winners For The AI Revolution” by industry analysts and just hit a huge milestone of joining the S&P MidCap 400. On the frontlines of this success is the Pega Cloud Security Operations Center (CSOC). Our team of information security professionals is charged to protect Pega’s commercial cloud assets and offerings. We accomplish this by creatively working to deter, detect, deny, delay, and defend against internal and external security threats. The CSOC provides monitoring, detection, and incident response services for Pega Cloud.

Picture Yourself at Pega:

As a Senior Cloud SIEM Engineer, you will play a pivotal role in designing, implementing, and optimizing the security monitoring infrastructure that protects Pega’s global cloud environments. You will be instrumental in advancing our detection and response capabilities by engineering scalable, cloud-native solutions that enable real-time visibility into security events across AWS, GCP, and hybrid environments.

You will accomplish this by leveraging your deep expertise in SIEM technologies—particularly Google Chronicle/SecOps—to build and maintain robust pipelines for log ingestion, normalization, and correlation. Collaborating closely with security analysts, detection engineers, cloud architects, and various engineering teams, you will help shape the architecture and operational maturity of our cloud security telemetry. Your work will directly support proactive threat detection, automated response, and continuous improvement of our security posture. As a Senior Cloud SIEM Engineer at Pega, your contributions will be critical to ensuring the integrity and resilience of our cloud infrastructure. You’ll be part of a high-performing team that values innovation, precision, and collaboration. Your efforts will help safeguard the trust our clients place in us as we deliver transformative digital experiences at scale.

So, picture yourself at Pega, where your engineering expertise is valued, and your passion for building secure, intelligent systems is celebrated. Join us in redefining cloud security operations and make a lasting impact on the future of enterprise security.

What You'll Do at Pega:

• Help design and implement Pega’s cloud-native SIEM solution (Google Chronicle/SecOps)

• Manage and maintain the Chronicle/SecOps SIEM platform, ensuring its effective operation and integration with other security and automation tools

• Develop dashboards, reports, and other non-alert based content to maintain and improve situational awareness of Pega Cloud’s security posture

• Assist in the development of SOAR playbooks for use by analysts to enrich, investigate, and respond to security alerts and detections

• Assist the threat detection team in developing and maintaining security monitoring and alerting rules based on use cases for known and emerging threats and hypotheses derived from the Pega threat landscape

• Collaborate with cross-functional teams to assist data ingestion/parsing efforts & ensure best security practices are followed

• Contribute to standard operating procedure (SOP) and policy development for CSOC detection and analysis tools and methodologies

• Participate regular security assessments and audits to identify and mitigate risks

• Provide technical guidance and mentorship to junior team members

Who You Are:

You have an insatiable curiosity and a relentless drive to engineer smarter, faster, and more scalable ways to detect, investigate, and respond to threats in the cloud. You've architected and fine-tuned detection pipelines, enriched telemetry sources, and built resilient integrations that empower security teams to act with speed and precision. You bring deep expertise in cloud-native platforms—especially AWS, GCP, and Chronicle/SecOps—and are ready to apply that knowledge to elevate Pega Cloud’s detection and response capabilities.

You have a proven track record in the security engineering space. Your accomplishments include:

• Earning top-tier technical certifications such as AWS Certified Solutions Architect, Google Cloud Professional Security Engineer, or Splunk Certified Architect.

• Recognition for designing and deploying innovative SIEM solutions that close visibility gaps and enhance detection coverage across complex cloud environments.

What You've Accomplished:

• 5+ years of experience in SIEM engineering and administration

• 1-2 years of current, operational experience with Google Chronicle/SecOps, including implementation, management, and optimization

• 3+ years of operational experience working with YARA-L, Grok, and YAML languages

• Experience with Splunk Enterprise Security (ES), including writing SPL and building correlation searches, lookup files, and other knowledge objects

• Operational experience working with SOAR technologies and creating automation integrations and playbooks

• Strong experience with cloud architecture, infrastructure, and resources (AWS & GCP), along with the associated services, threats, and mitigations – including knowledge and analysis of various cloud logs such as CloudTrail, Cloud Audit, GuardDuty, Security Command Center, CloudWatch, Cloud Ops, Trusted Advisor, Recommender, VPCFlow, and WAF logs

• Operational experience with EDR/XDR platforms, related logs, and integrations

• Solid working knowledge of MITRE ATT&CK framework, the associated TTP's and how to map detections against them, particularly the cloud matrix portion

• A solid foundational understanding of computer, OS (Linux/Windows), and network architecture concepts, and various related exploits/attacks

• Proficiency in scripting languages such as Python, PowerShell, or Bash

• Strong understanding of security best practices and frameworks (e.g., NIST, ISO 27001).

• Experience developing standard operating procedures (SOPs), runbooks/playbooks for repeated actions, and security operations policies – with an aim to maximize our tools’ potential with automation whenever possible

• Familiarity with threat intelligence platforms and frameworks

• Strong analytical skills and ability to interpret complex data sets

• A demonstrated ability to work in a team environment and foster a healthy, productive team culture:

• Proactive communicator with both verbal and written communication

• Process oriented with the ability to extract key action items from situations and convert them into repeatable processes for others to emulate

• Vision on long-term mechanisms as opposed to heroic efforts and/or tribal knowledge

Pega Offers You:

• A robust global benefits program including a competitive pay + bonus incentive, unlimited PTO, and Employee Equity in the company

• An innovative, inclusive, agile, flexible, and fun work environment full of opportunities to learn and grow

• At Pega, we believe in continuous learning and growth. You will have access to cutting-edge technologies and training resources, allowing you to stay at the forefront of cloud security.

• Pega's culture fosters collaboration, innovation, and work-life balance. You’ll participate in team-building activities and engage in open discussions during daily/weekly team meetings

• You will have the flexibility to work remotely when needed, allowing you to maintain a healthy work-life integration

• Gartner Analyst acclaimed technology leadership across our categories of products and services \#LI-KH2

Job ID: 22185

It is Pega's policy to engage, recruit, hire, promote, train, discipline, and compensate in all job classifications, without regard to race, color, sex, religion, national origin, age, disability, sexual orientation, gender identity, veteran status, or any other category protected by law.

https://www.pega.com/about/careers/equal-employment-opportunity