Job Description:
The SIEM Engineer must have experience with the management and maintenance of a Security Information and Event Management (SIEM) solution (preferably Elastic) in order to optimize, detect, analyze, and respond to security incidents effectively. The ideal candidate will have a strong background in cybersecurity, extensive experience with SIEM technologies, and a passion for staying ahead of emerging threats, and will work to support the customer's SOC Manager and other staff.
Responsibilities:
- Design, implement, and configure SIEM solutions to collect, correlate, and analyze security events and logs from various sources.
- Monitor SIEM alerts and investigate security incidents to identify potential threats and vulnerabilities.
- Develop and maintain correlation rules, filters, and dashboards to improve the accuracy and efficiency of threat detection.
- Collaborate with cross-functional teams to remediate security vulnerabilities and ensure compliance with industry standards and regulations.
- Conduct regular assessments and audits of SIEM configurations to optimize performance and enhance threat detection capabilities.
- Provide technical expertise and support to SOC (Security Operations Center) analysts during incident response activities.
- Stay current on emerging threats, vulnerabilities, and security technologies to proactively mitigate risks and improve security posture.
Requirements:
- Hands-on experience with leading SIEM platforms (Elastic preferred), such as Splunk, IBM QRadar, ArcSight, or LogRhythm.
- Strong understanding of security principles, protocols, and best practices, and the ability to execute the customer's security practices.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automation and customization of SIEM solutions.
- Excellent analytical and problem-solving skills, with the ability to troubleshoot complex security issues.
- Relevant certifications such as CISSP, GIAC, or vendor-specific SIEM certifications are a plus.