
SIEM Engineer
Posted 18 hours ago

• Configure, oversee, and maintain SIEM platforms to ensure efficient log collection, event correlation, and alerting systems.
• Design, implement, and enhance use cases, correlation rules, and threat detection playbooks to identify and address security threats in real-time.
• Conduct initial triage, analysis, and investigation of security alerts and incidents, escalating critical matters to senior SOC members as necessary.
• Integrate various log sources (e.g., firewalls, IDS/IPS, endpoints, cloud platforms like AWS/Azure) into the SIEM system and ensure seamless data ingestion.
• Continuously optimize and adjust SIEM alerts to minimize false positives and enhance the accuracy of threat detection.
• Collaborate closely with SOC analysts, incident response teams, and other IT/security teams to coordinate threat mitigation and remediation activities.
• Produce detailed reports on SIEM performance, incident metrics, and security trends, while maintaining comprehensive documentation of processes and procedures.
• Integrate threat intelligence feeds into SIEM systems to improve detection capabilities and stay informed about emerging threats.
• Develop scripts (e.g., Python, PowerShell) to automate repetitive tasks and enhance SOC operational efficiency.
• Stay informed on the latest cybersecurity trends, SIEM technologies, and attack vectors to bolster SOC capabilities.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 4-5 years of experience in cybersecurity, with a minimum of 2 years focused on SIEM administration and management.
• Hands-on experience with SIEM platforms such as Sentinel, Splunk, IBM QRadar, ArcSight, or LogRhythm.
• Previous experience in a Security Operations Center (SOC) environment is highly advantageous.
• Proficient in SIEM architecture, data collection, and event correlation.
• Knowledgeable in network security, firewalls, IDS/IPS, and endpoint detection and response (EDR) tools.
• Familiar with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their integration with SIEM.
• Proficient in scripting with Python, PowerShell, or similar languages for automation purposes.
• Understanding of TCP/IP, network protocols, and enterprise network security technologies.
• Strong analytical and problem-solving abilities to identify and mitigate complex security threats.
• Excellent communication skills for reporting, documentation, and collaboration with cross-functional teams.
• Health insurance
• Retirement plans
• Paid time off
• Flexible work arrangements
• Professional development