Senior Engineer - Cyber Security Operations (SIEM Engineer) 

The Big Picture 

Sysco LABS is the Global In-House Center of Sysco Corporation (NYSE: SYY), the world’s largest foodservice company. Sysco ranks 56th in the Fortune 500 list and is the global leader in the trillion-dollar foodservice industry. 

Sysco employs over 75,000 associates, operates 337 smart distribution facilities worldwide, and has over 14,000 IoT-enabled trucks serving 730,000 customer locations. For fiscal year 2025 (ended June 29, 2025), the company generated sales exceeding $81.4 billion. 

Sysco LABS Sri Lanka delivers the technology that powers Sysco’s end-to-end operations, enabling sourcing, merchandising, storage, order placement, warehouse operations, delivery logistics, and even enhancing the in-restaurant dining experience of Sysco’s global customers. 

The Opportunity 

This position is part of Sysco’s Cyber Security Operations team. As a SIEM Engineer specializing in Microsoft Sentinel, you will design, implement, and maintain our SIEM infrastructure to enable proactive threat detection, incident response, and compliance reporting. This role is highly collaborative, working closely with SOC, Threat Intelligence, Cloud, and Infrastructure teams to ensure that Sysco’s security monitoring capabilities remain robust and up to date. 

Responsibilities: 

• Designing, deploying, and maintaining Microsoft Sentinel SIEM infrastructure 

• Developing and optimizing data connectors for log ingestion from cloud, on-prem, and hybrid sources 

• Managing and tuning analytic rules, workbooks, playbooks, and automation workflows 

• Creating and refining KQL queries for custom detection use cases 

• Collaborating with Threat Intelligence and SOC teams to operationalize threat indicators and behavioral analytics 

• Supporting incident investigation with log enrichment and correlation 

• Ensuring high availability and performance of Sentinel components 

• Monitoring ingestion costs and optimizing data retention policies 

• Implementing health checks and alerting for SIEM infrastructure 

• Generating reports for regulatory and audit requirements 

• Maintaining documentation for SIEM architecture, data flows, and detection logic 

• Working closely with cloud, infrastructure, and application teams to onboard new log sources 

• Staying up to date with Microsoft Sentinel roadmap and security best practices 

• Participating in purple team exercises and detection gap analysis 

Requirements: 

• A Bachelor's Degree in Cybersecurity, Computer Science, Networking, or related field  

• 3+ years of experience in SIEM engineering or security operations, with 2+ years hands-on in Microsoft Sentinel 

• Proficiency in KQL (Kusto Query Language), understanding of Azure Security Center, Defender for Cloud, and Log Analytics 

• Familiarity with incident response, threat detection, and log management processes 

• Working knowledge of MITRE ATT&CK, NIST, or equivalent security frameworks 

• Strong analytical, problem-solving, and communication skills 

• Microsoft certifications such as SC-200, AZ-500 

• Experience with Azure Logic Apps, Microsoft Defender XDR, and M365 security tools 

• Scripting knowledge (PowerShell, Python) for automation 

• Experience with SOAR platforms and playbook development 

Benefits 

• US dollar-linked compensation 

• Performance-based annual bonus 

• Recognition and rewards programs 

• Agile Benefits – special allowances for Health, Wellness & Academic purposes 

• Paid birthday leave 

• Team engagement allowance 

• Comprehensive health & life insurance cover (extendable to parents and in-laws) 

• Overseas travel opportunities and client environment exposure 

• Hybrid work arrangement 

Sysco LABS is an Equal Opportunity Employer.