2

Entry Level Siem Content Developer Jobs (NOW HIRING)

Detection Engineer

Chicago, IL ยท Hybrid

$100K - $140K/yr

Help manage and improve our detection-as-code pipeline-versioned detection content in git ... Hands-on SIEM exposure from coursework, CTFs, labs, or internships (e.g. Splunk, Google SecOps ...

Detection Engineer

Chicago, IL ยท On-site

$100K - $140K/yr

Help manage and improve our detection-as-code pipeline-versioned detection content in git ... Hands-on SIEM exposure from coursework, CTFs, labs, or internships (e.g. Splunk, Google SecOps ...

Monitor central security dashboards, log aggregators, and SIEM alerts daily to triage potential ... Security+, AWS Certified Cloud Practitioner, or similar entry-level certificates are a major plus.

This is a true entry-level opportunity for early-career professionals looking to build a foundation ... Process and Content Development. Contribute to repeatable security content, detection logic, and ...

This is a true entry-level opportunity for early-career professionals looking to build a foundation ... Process and Content Development. Contribute to repeatable security content, detection logic, and ...

Support security tools such as Email Security, Antivirus, Network IPS, Web Content Filtering, etc ... Security Information Event Management solutions (SIEM) * Enterprise Virus Management Solutions (SEP ...

... SIEM, EDR, and email security platforms. Beyond day-to-day monitoring, this role carries real ... You will help mature the detection content the team relies on, reduce alert fatigue by tuning out ...

next page

Showing results 1-20

Entry Level Siem Content Developer information

See salary details

$29.5K

$116.6K

$129K

How much do entry level siem content developer jobs pay per year?

As of Jul 12, 2026, the average yearly pay for entry level siem content developer in the United States is $116,615.00, according to ZipRecruiter salary data. Most workers in this role earn between $123,000.00 and $128,000.00 per year, depending on experience, location, and employer.

What is a sIEM content developer?

A SIEM content developer is responsible for creating and managing security content such as rules, alerts, and dashboards within Security Information and Event Management (SIEM) systems. They analyze security data, develop detection logic, and customize content to improve threat detection and response capabilities, often using tools like Splunk, QRadar, or ArcSight.

Can you make $200,000 in cyber security?

Entry Level SIEM Content Developers typically earn lower starting salaries, often between $50,000 and $80,000 annually. Reaching a $200,000 salary generally requires several years of experience, advanced skills, certifications like CISSP or CISA, and roles in senior cybersecurity positions or specialized consulting. Salary growth depends on expertise, certifications, and the complexity of the security environment managed.

What jobs pay 4000 a week without a degree?

Entry-level SIEM content developers typically do not earn $4,000 a week without significant experience or specialized skills. High-paying roles in cybersecurity or IT often require certifications, technical knowledge, and experience, and salaries vary widely based on location and employer. Most jobs paying this amount without a degree are in sales, entrepreneurship, or specialized trades, rather than entry-level cybersecurity roles.

How much does a SIEM engineer make?

A SIEM engineer's salary typically ranges from $70,000 to $120,000 annually, depending on experience, certifications, and location. Entry-level roles often start around $60,000, while experienced professionals with skills in tools like Splunk or QRadar can earn higher salaries.
What are the most commonly searched types of Siem Content Developer jobs? The most popular types of Siem Content Developer jobs are:
Infographic showing various Entry Level Siem Content Developer job openings in the United States as of July 2026, with employment types broken down into 1% Internship, 72% Full Time, 24% Part Time, 1% Temporary, and 2% Contract. Highlights an 76% Physical, 3% Hybrid, and 21% Remote job distribution, with an average salary of $116,615 per year, or $56.1 per hour.
Detection Engineer

Detection Engineer

Tempus

Chicago, IL โ€ข Hybrid

$100K - $140K/yr

Full-time

Re-posted 3 days ago


Job description

Passionate about precision medicine and advancing the healthcare industry?

Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.

**About our teams:** With a mission to use data and AI to power precision medicine and improve patient care, our teams blend deep healthcare expertise with modern product development practices. Tempus products are owned and developed by small, autonomous teams made up of software engineers, designers, scientists, and product managers. These teams set goals, build the software, deploy the code, and contribute to a growing platform that is transforming healthcare.

**Detection Engineer:** The Security Operations Center is building the data foundation for threat detection-reliable pipelines that land security events in our SIEM platform. This is a software engineering role inside security: you will build in Python, integrate APIs, and test your work, with mentorship on SIEM usage, detection logic, and alert quality. Over time, you will help us grow **agentic SOC workflows** (AI-assisted triage, enrichment, and detection support) with human-in-the-loop guardrails-adding automation only when the data and evidence justify it, not on a hype-driven timeline.

Responsibilities:

  • Build and maintain log ingestion pipelines that collect security events from internal and third-party sources and deliver them to our SIEM platform.

  • Normalize and forward events using existing patterns for batching, sizing, and failure handling.

  • Build tests and fix bugs using mocked APIs and team CI standards (lint, format, coverage).

  • Operate pipelines reliably-monitor failures, tune ingestion windows and rate limits, and document configuration.

  • Support detection engineering with guidance-validate that new data is queryable in the SIEM; assist with simple parser or field fixes; learn how detections map to adversary behavior.

  • Help manage and improve our detection-as-code pipeline-versioned detection content in git, automated checks in CI, and review before changes reach production.

  • Participate in code review.

Agentic SOC (incremental; human-in-the-loop):

  • Build with agentic coding tools (e.g. Claude Code, Cursor) as part of daily development-direct, review, and test what you ship; do not rely on typing every line from scratch.

  • Contribute incrementally to agentic workflows-enrichment scripts, structured handoffs into SOAR automations, and evaluation of AI-assisted summaries or drafts in non-production or human-reviewed paths before any autonomous response.

  • Validate changes on historical data before production trust-rules, parsers, and automation earn approval through evidence, simulation or shadow mode, and defined rollback paths.

  • Assist in building and maintaining SOAR automations (enrichment, triage steps, and documentation-with review before production changes).

Requirements:

  • Comfortable building Python-APIs and JSON, basic error handling, and tests in a managed project (Poetry or similar).

  • Ability to integrate systems via APIs-OAuth or API keys, retries, and handling partial failures.

  • Testing discipline-unit tests, readable failures, and fixing regressions you introduce before merge.

  • Git and collaborative development-small, reviewable changes with clear descriptions of risk and rollout.

  • Temperament for long-horizon work-you can focus on incremental pipeline quality while understanding it enables agentic SOC capabilities over time, not instead of them.

  • Strong problem-solving skills and curiosity about security operations; willingness to learn detection concepts with mentorship.

Bonus points for:

  • Experience with scheduled jobs or Docker.

  • Hands-on SIEM exposure from coursework, CTFs, labs, or internships (e.g. Splunk, Google SecOps, Microsoft Sentinel).

  • Can navigate cloud primitives on GCP, Azure, or AWS (S3/GCS/Blob, Key Vault/Secret Manager/Secrets Manager, IAM roles and service principals).

  • Experience with infrastructure as code (e.g. Terraform).

  • Strong understanding of IAM principles in GCP (least privilege, service accounts, workload identity, and role bindings).

#LI-Hybrid#LI-BL1

Chicago Base salary: $100,000-$140,000

The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.