Position Summary

The SIEM (Security Information and Event Management) Engineer is responsible for designing, deploying, tuning, and maintaining SIEM platforms to monitor, detect, and respond to security threats. Within a Managed Security Services (MSS) environment, SIEM Engineers ensure that alerts are meaningful, actionable, and aligned with the organization’s security objectives. They collaborate with SOC Analysts, security engineers, and incident response teams to enhance threat detection and incident response capabilities.

Key Responsibilities

SIEM Deployment & Configuration

  • Deploy and configure SIEM platforms (e.g., Splunk, QRadar, ArcSight, LogRhythm) across on-premises, cloud, and hybrid environments.
  • Integrate log sources, including firewalls, endpoints, servers, applications, and cloud services.
  • Maintain normalization, parsing, and correlation rules to ensure accurate alerting.

Alerting & Use Case Development

  • Develop and optimize detection use cases for potential threats, vulnerabilities, and anomalous behaviors.
  • Tune SIEM rules to reduce false positives while maximizing detection coverage.
  • Collaborate with SOC Analysts to validate alert efficacy and adjust detection logic.

Incident Support & Forensics

  • Assist SOC Analysts and Incident Response teams in analyzing events and investigating security incidents.
  • Provide technical support for log analysis, threat correlation, and forensic investigations.
  • Maintain documentation of detection rules, playbooks, and incident response procedures.

Monitoring & Maintenance

  • Monitor SIEM health, performance, and data ingestion pipelines.
  • Conduct regular audits of log sources, retention policies, and system configurations.
  • Implement upgrades, patches, and security hardening of the SIEM platform.

Reporting & Metrics

  • Generate reports on security alerts, system performance, and compliance metrics.
  • Provide insights to management and clients regarding SIEM effectiveness and coverage.
  • Assist in regulatory reporting (SOC 2, ISO 27001, HIPAA) through log retention and monitoring evidence.

Continuous Improvement

  • Stay current on emerging threats, attack patterns, and SIEM platform enhancements.
  • Recommend and implement improvements to detection capabilities, alert workflows, and system integrations.
  • Collaborate on automation initiatives to streamline monitoring and incident response.

Qualifications

Required

  • 3–5+ years of experience with SIEM platforms in a SOC or Managed Security Services environment.
  • Proficiency with log source integration, normalization, parsing, and correlation.
  • Strong understanding of network protocols, security technologies, and threat detection methods.
  • Experience working alongside SOC teams, incident response, or threat hunting functions.
  • Strong analytical, problem-solving, and documentation skills.

Preferred

  • Experience with cloud-native SIEM solutions (e.g., Azure Sentinel, AWS Security Hub, Google Chronicle).
  • Knowledge of scripting or automation for log ingestion, parsing, or alert workflows (Python, PowerShell, Bash).
  • Security certifications such as Splunk Certified Architect, QRadar SIEM, GSEC, or CISSP.
  • Familiarity with regulatory compliance standards (SOC 2, ISO 27001, HIPAA).
