Job Description
Configure, manage, and optimize SIEM tools (e.g., Splunk,
IBM QRadar, Azure Sentinel, ArcSight, or LogRhythm) for log
collection, parsing, and correlation.
Develop and fine-tune detection rules, alerts, dashboards,
and reports to identify potential security threats and
anomalies.
Monitor and analyze SIEM alerts to identify and respond to
suspicious activities, false positives, or security incidents.
Collaborate with the Security Operations Center (SOC), threat
intelligence, and incident response teams to support
investigations.
Integrate new log sources and ensure complete, accurate,
and secure logging from endpoints, servers, cloud services,
and applications.
Conduct root cause analysis and post-incident reviews to
enhance detection capabilities.
Ensure compliance with industry standards and regulatory
requirements (e.g., ISO 27001, NIST, PCI-DSS).
Document configurations, detection logic, and incident
response processes.
3+ years of experience in cybersecurity with direct hands-on SIEM experience.
Proficiency in one or more SIEM platforms (e.g., Splunk,
QRadar, Sentinel, Elastic Stack, etc.).
Solid understanding of network protocols, system logs, attack
techniques, and MITRE ATT&CK framework.
Experience with scripting and automation (e.g., Python,
PowerShell) is a plus.
Familiarity with EDR, SOAR, IDS/IPS, firewalls, and other
security tools.
