SIEM Engineer

Responsibilities

• Assist in configuring and maintaining the SIEM platform to ensure log collection and monitoring across various systems.
• Support in integrating logs from on-premises and cloud environments, working with custom parsers and data collectors as needed.
• Monitor the SIEM for incoming alerts and perform initial analysis of security incidents.
• Help develop and tune security use cases in the SIEM for detecting potential security threats.
• Perform basic threat hunting activities in coordination with SOC analysts to identify suspicious activities within the environment.
• Assist with security automation using basic scripting to streamline routine processes.
• Provide input into the creation of dashboards and reports to support SOC operations.
• Assist with patching and upgrading the SIEM platform, ensuring it remains up to date.
• Collaborate with security teams and external vendors for troubleshooting and support.
• Contribute to maintaining compliance with security policies and regulatory requirements (e.g., ISO, NIST).
• Provide basic security consultancy to internal teams regarding SIEM usage and log management best practices.

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent hands-on experience or certifications may be accepted.
• 2-3 years of experience working with SIEM platforms in a security environment.
• Basic experience integrating log sources from different environments (on-premises/cloud) into a SIEM platform.
• Basic to intermediate knowledge of SIEM architecture, configuration, and monitoring.
• Hands-on experience in one or more key security domains, including SIEM, endpoint detection, or vulnerability management.
• Basic understanding of threat detection and alert management processes.
• Familiarity with cloud security practices and tools (AWS, Azure) and experience with basic log management.
• Basic scripting experience (e.g., Python, Bash) to support automation tasks within the SIEM environment.
• Ability to perform troubleshooting of SIEM-related issues and resolve basic problems, escalating more complex issues when necessary.
• Strong communication skills to work with SOC teams and contribute to ongoing improvements in SIEM operations.
• SIEM-related certifications (e.g., Splunk Power User, ArcSight Analyst) are a plus but not mandatory.
• Hands-on SIEM platform management experience with a focus on basic log ingestion and analysis.
• Understanding of security alerts and the ability to assist SOC analysts with investigation.
• Basic knowledge of cloud services and integrating cloud logs with SIEM.
• Exposure to basic security scripting and automation tools.
• Willingness to learn and develop advanced SIEM skills through hands-on experience and training.