SIEM Engineer

You will be responsible for leading advanced threat detection and response activities within the organization. Your main tasks will include developing and optimizing SIEM use cases, correlation rules, and dashboards. Additionally, you will investigate and respond to escalated incidents from L2 analysts and perform root cause analysis for complex incidents to provide actionable insights. You will also lead threat hunting exercises to identify advanced persistent threats (APTs) and configure and maintain SIEM platforms to ensure optimal performance and scalability. In this role, you will be expected to integrate new log sources and ensure proper parsing and normalization. Collaboration with SOC management to define and enhance incident management workflows will be essential. You will also conduct training sessions and mentor L1/L2 analysts while staying updated with emerging threats, vulnerabilities, and industry best practices. The ideal candidate will possess expertise in SIEM tools such as Splunk, Sentinel, and QRadar, along with experience in SIEM administration, deployment, and configuration. Familiarity with Arcsight Admin is considered a plus. Strong knowledge of threat detection, correlation rules, and dashboards is required, as well as the ability to lead incident response and threat hunting activities. An understanding of security frameworks and best practices is crucial, and preferred certifications include GCIH and CISSP. To qualify for this position, you should hold a Bachelor's Degree in a related field. Relevant certifications such as GIAC Certified Incident Handler (GCIH) or Certified Information Systems Security Professional (CISSP) are preferred.,