BOSAL is a Dutch privately owned company, mainly known as a global Tier 1 automotive supplier, in business since 1923. We employ about 2,200 people in 16 production facilities, the largest of which are located in Czechia, Mexico, Turkey, Brazil, the US and South Africa. Our corporate research center is based in Belgium; alongside it we run 5 other R&D satellites worldwide.

SIEM & Detection Engineer – Querétaro (Mexico)

As a SIEM & Detection Engineer, you are responsible for building and operating centralized security monitoring and incident detection capabilities. You will design and implement a SIEM platform from scratch and ensure effective detection and response across the organization's IT landscape.

Your responsibilities:
Designing, implementing, and operating a SIEM platform (e.g. Microsoft Sentinel or equivalent).
Onboarding and normalizing logs from multiple sources, including
1. Palo Alto firewalls and Prisma Access.
2. Cisco switches, WLCs, ISE, and Catalyst Center.
3. Windows and Linux servers.
4. Microsoft 365 and identity services.
5. Critical applications and SaaS platforms.
Defining, prioritizing and maintaining detection use cases aligned with asset criticality and risk.
Developing and maintaining detection rules and use cases.
Designing and documenting incident response workflows and playbooks.
Correlating incidents with asset criticality and vulnerability and exposure data.
Supporting TISAX evidence for monitoring, logging and incident handling.
Continuously improving detection coverage and reducing false positives.
Ensuring monitoring and incident response capabilities are demonstrably effective and audit-ready.

Your profile:
Experience with SIEM platforms, such as Sentinel, Splunk or similar.
Strong experience with log ingestion and normalization using syslog and API-based integrations across security and infrastructure platforms.
Expertise in security monitoring and detection engineering.
Experience with Windows and Linux logging.
Knowledge of network and firewall logging concepts.
Relevant certifications are considered an asset.

Experience:
Preferably 4+ years of experience in Security Operations or SOC environments.
Proven experience in designing and extending SIEM platforms and detection capabilities.
Experience operating in heterogeneous environments across network, server and cloud infrastructure.
Solid understanding of incident detection, response processes, and security workflows.
Posted 19 days ago