SIEM Engineer

Role: SIEM Engineer

Location: India Pune Remote (future hybrid)

Work hours: 2-11 pm India hours

Job Overview:

Key Responsibilities :

• SIEM System Management: Configure, manage, and maintain SIEM platforms to ensure effective log collection, event correlation, and alerting mechanisms.
• Threat Detection and Response: Develop, implement, and fine-tune use cases, correlation rules, and threat detection playbooks to identify and mitigate security threats in real time.
• Incident Analysis: Perform initial triage, analysis, and investigation of security alerts and incidents, escalating critical issues to senior SOC members as needed.
• Log Ingestion and Integration: Integrate various log sources (e.g., firewalls, IDS/IPS, endpoints, cloud platforms like AWS/Azure) into the SIEM system and ensure seamless data ingestion.
• Alert Optimization: Continuously optimize and tune SIEM alerts to reduce false positives and improve the accuracy of threat detection.
• Collaboration: Work closely with SOC analysts, incident response teams, and other IT/security teams to coordinate threat mitigation and remediation efforts.
• Reporting and Documentation: Generate detailed reports on SIEM performance, incident metrics, and security trends, and maintain comprehensive documentation of processes and procedures.
• Threat Intelligence Integration: Incorporate threat intelligence feeds into SIEM systems to enhance detection capabilities and stay updated on emerging threats.
• Automation and Scripting: Develop scripts (e.g., Python, PowerShell) to automate repetitive tasks and improve SOC operational efficiency.
• Continuous Improvement: Stay updated on the latest cybersecurity trends, SIEM technologies, and attack vectors to enhance SOC capabilities.

Skills and Qualifications:

Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CEH, CompTIA Security+) are preferred.

Experience:

• 3-5 years of experience in cybersecurity, with at least 2 years focused on SIEM administration and management.
• Hands-on experience with SIEM platforms such as Sentinel, Splunk, IBM QRadar, ArcSight, or LogRhythm.
• Previous experience in a Security Operations Center (SOC) environment is highly desirable.

Technical Skills:

• Proficiency in SIEM architecture, data collection, and event correlation.
• Knowledge of network security, firewalls, IDS/IPS, and endpoint detection and response (EDR) tools.
• Familiarity with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their integration with SIEM.
• Scripting skills in Python, PowerShell, or similar languages for automation.
• Understanding of TCP/IP, network protocols, and enterprise network security technologies.
• Strong analytical and problem-solving skills to identify and mitigate complex security threats.
• Excellent communication skills for reporting, documentation, and collaboration with cross-functional teams.
• A proactive mindset with a passion for continuous learning in the cybersecurity domain.

Certifications (Preferred):

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• CompTIA Security+

Familiarity with threat intelligence platforms and their integration into SIEM systems.