Posted: 2 months ago
Work from Office | Full Time
Responsibilities:
- Monitor and analyze security events from sources such as SIEM, EDR, firewalls, and cloud platforms (AWS, Azure).
- Integrate diverse log sources, including AWS, Azure, firewalls, and Windows/Linux endpoints, into the SIEM.
- Develop, fine-tune, and optimize SIEM detection rules based on adversary TTPs (tactics, techniques, and procedures) and security best practices.
- Perform log ingestion, parsing, and correlation across security solutions, ensuring proper data normalization within the SIEM.
- Identify and close gaps in SIEM detection coverage to improve rule accuracy and reduce false positives.
- Classify and prioritize security events, escalating incidents based on severity and risk.
- Automate security operations using scripting languages such as Python, Bash, or PowerShell.
- Use threat intelligence sources to enhance SIEM detection rules and response capabilities.
- Maintain SIEM performance, troubleshoot issues, and implement best practices to keep the platform healthy.
- Stay current on security tools, technologies, and emerging trends to enhance SIEM capabilities and overall security posture.

Required skills:
- Strong understanding of common log formats, including Syslog, JSON, CEF, and Windows Event Logs.
- Strong understanding of the MITRE ATT&CK framework and how to map security events to it for detection and response.
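The following is an added illustration, not code from the posting or from any employer, of the pipeline the description outlines end to end: parsing CEF, CloudTrail-style JSON and sshd syslog lines into one normalized schema, running a correlation rule mapped to MITRE ATT&CK T1110 (Brute Force) across all three sources, and enriching hits with threat intelligence. The sample log lines, the threat-intel list and the syslog year are constructed assumptions; the field names follow the Windows 4624/4625 CEF mapping, CloudTrail ConsoleLogin events and OpenSSH log text.

```python
"""Added example: normalize mixed-format logs and run an ATT&CK-mapped rule."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines, not real telemetry. One source IP fails from three
# different log sources, then succeeds over SSH; a second IP is benign noise.
SAMPLE_LOGS = [
    "CEF:0|Microsoft|Windows|10|4625|An account failed to log on|5|rt=1700000000000 src=203.0.113.7 suser=alice",
    "CEF:0|Microsoft|Windows|10|4625|An account failed to log on|5|rt=1700000030000 src=203.0.113.7 suser=bob",
    '{"eventTime":"2023-11-14T22:14:00Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.7",'
    '"userIdentity":{"userName":"carol"},"responseElements":{"ConsoleLogin":"Failure"}}',
    "<86>Nov 14 22:15:10 bastion sshd[4242]: Failed password for dave from 203.0.113.7 port 51022 ssh2",
    "<86>Nov 14 22:16:05 bastion sshd[4243]: Accepted password for dave from 203.0.113.7 port 51030 ssh2",
    "<86>Nov 14 22:16:30 bastion sshd[4250]: Accepted publickey for erin from 198.51.100.9 port 40000 ssh2",
    "CEF:0|Microsoft|Windows|10|4624|An account was successfully logged on|3|rt=1700000200000 src=198.51.100.9 suser=erin",
]

# Constructed threat-intel feed (assumption): indicator -> context string.
THREAT_INTEL = {"203.0.113.7": "constructed feed: known credential-stuffing node"}

SYSLOG_YEAR = 2023  # assumption: BSD syslog timestamps carry no year
CEF_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")  # key=value pairs in the CEF extension
SYSLOG_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_cef(line):
    """CEF header has 7 pipe-separated fields; field 4 is the signature ID (Windows event ID here)."""
    parts = line.split("|", 7)
    if len(parts) < 8 or not parts[0].startswith("CEF:"):
        return None
    ext = dict(CEF_EXT_RE.findall(parts[7]))
    outcome = {"4625": "failure", "4624": "success"}.get(parts[4])
    if outcome is None or "src" not in ext or "rt" not in ext:
        return None
    ts = datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc)  # rt is epoch milliseconds
    return {"ts": ts, "src_ip": ext["src"], "user": ext.get("suser", "?"), "outcome": outcome, "source": "windows"}


def parse_json(line):
    """CloudTrail-style ConsoleLogin event; responseElements.ConsoleLogin is Success or Failure."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if ev.get("eventName") != "ConsoleLogin":
        return None
    result = ev.get("responseElements", {}).get("ConsoleLogin")
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    user = ev.get("userIdentity", {}).get("userName", "?")
    return {"ts": ts, "src_ip": ev["sourceIPAddress"], "user": user,
            "outcome": "success" if result == "Success" else "failure", "source": "aws"}


def parse_syslog(line):
    """OpenSSH 'Failed/Accepted <method> for <user> from <ip>' lines."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "src_ip": m["ip"], "user": m["user"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success", "source": "linux"}


def normalize(line):
    """Try each parser; return the common schema or None for lines the pipeline cannot map."""
    for parser in (parse_cef, parse_json, parse_syslog):
        ev = parser(line)
        if ev:
            return ev
    return None


# Rule metadata carries the ATT&CK mapping so every alert is tagged at creation time.
RULE = {
    "name": "Cross-source authentication failures followed by success",
    "attack": {"tactic": "TA0006 Credential Access", "technique": "T1110 Brute Force"},
    "threshold": 3,                 # failures from one source IP ...
    "window": timedelta(minutes=5),  # ... within this sliding window before a success
}


def detect_bruteforce(events, rule=RULE, intel=THREAT_INTEL):
    """Alert only on failures-then-success; bare failure bursts stay as lower-value noise."""
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        bucket = failures[ev["src_ip"]]
        cutoff = ev["ts"] - rule["window"]
        bucket[:] = [t for t in bucket if t >= cutoff]  # expire failures outside the window
        if ev["outcome"] == "failure":
            bucket.append(ev["ts"])
        elif len(bucket) >= rule["threshold"]:
            alerts.append({"rule": rule["name"], "attack": rule["attack"], "src_ip": ev["src_ip"],
                           "user": ev["user"], "source": ev["source"], "failures_in_window": len(bucket),
                           "severity": "critical" if ev["src_ip"] in intel else "high",
                           "intel": intel.get(ev["src_ip"])})
            bucket.clear()  # one alert per burst, not one per later success
    return alerts


def run(lines=SAMPLE_LOGS):
    events = [ev for ev in map(normalize, lines) if ev]
    return detect_bruteforce(events)


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert, indent=2))
```

The rule fires once here, for 203.0.113.7, with four failures counted across Windows, AWS and Linux logs and severity raised to critical by the intel match; the benign 198.51.100.9 logons and any unparseable line produce nothing, which is the false-positive control the posting asks for. Tuning the threshold and window per environment, and adding an allowlist for known scanners, is the usual next step.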