Engineer

2-5 Years

Save

Early Applicant

Job Description

Key Responsibilities:

SIEM Administration:

Manage daytoday administration of an enterprise SIEM platform, including:
User & role management (RBAC)
Health monitoring, capacity management, EPS monitoring
Deployment and management of collectors, forwarders, log sources
Backup, retention, and storage management
Onboard, parse development, and normalize new log sources across security, network, cloud, and OS environments.
Tune SIEM correlation rules, searches, and alerts to reduce false positives and improve accuracy.
Develop dashboards, reports, and monitoring views for SOC operations.
Implement and maintain rule packages, reference sets/lists, and enrichment fields.
Ensure SIEM performance, HA, and operational stability.

Administer and maintain an enterprise SOAR platform including:

Design, develop, test, and deploy SOAR automation playbooks for:

Enhance existing playbooks with improved enrichment, decision logic, and approval flows.

Collaborate with SOC analysts and the IR team to automate manual steps and improve response efficiency.

Maintain automation codebase (primarily Pythonbased actions/scripts).

Required Skills & Experience

25 years of experience in Security Operations / SIEM & SOAR engineering.
Strong handson experience with:
SIEM administration (log ingestion standard and Custom integration, normalization, SIEM performance tuning and enhancement, dashboards)
SOAR administration (integrations, playbooks development, Entity enrichment, incident flows design and development)
Strong Python scripting for automation tasks in SOAR.
Strong knowledge of log formats: Syslog, CEF, JSON, XML, REST APIs.
Experience in troubleshooting ingestion issues and parsing problems.
Strong understanding of:
MITRE ATT&CK
Use case lifecycle
Incident response workflows
Enrichment and automation best practices
Good understanding of OS internals (Windows/Linux), network security devices, cloud logs, and security tools.