SIEM Engineer

Role Overview:

We are seeking a highly skilled and motivated Security Administrator with strong expertise in Microsoft Sentinel SIEM to join our team. The successful candidate will be responsible for managing and optimizing security operations by configuring, monitoring, and troubleshooting Sentinel SIEM solutions, ensuring robust incident detection and response.

Key Responsibilities:

• Monitor and Manage SIEM: Oversee the setup, configuration, and management of Microsoft Sentinel SIEM to ensure effective monitoring of security events.
• Log Collection and Management: Ensure the collection, parsing, and storage of relevant security logs from various sources (e.g., firewalls, EDR, proxies).
• SIEM Optimization: Perform regular tuning of SIEM rules, policies, and use cases to reduce false positives and improve detection capabilities.
• Security Reports: Generate reports for various stakeholders on incidents, alerts, and system performance.
• Integration and Onboarding: Integrate new data sources and applications into Microsoft Sentinel to enhance coverage and monitoring capabilities.
• Security Best Practices: Stay current with the latest security trends, threats, and Sentinel SIEM features to apply best practices in managing and defending against cyber threats.
• Troubleshooting and Problem Resolution: Diagnose and resolve technical issues related to SIEM systems, log ingestion, and security event correlations.
• Collaboration: Work closely with IT, network, and security teams to ensure a secure environment and efficient incident response.
• Alert Triage and Escalation: Perform triage of security alerts, prioritize incidents, and escalate when necessary based on severity and impact.
• Incident Detection and Response: Investigate and respond to security incidents by analyzing event logs and alerts generated by the SIEM.

Qualifications:

• Education: Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent practical experience.
• Experience:
• 5+ years of experience in Security Operations, with a strong focus on SIEM technologies.
• Hands-on experience with Microsoft Sentinel is a must.
• Technical Skills:
• Proficiency in Microsoft Sentinel (SIEM), including log ingestion, rule creation, and incident management.
• Strong foundation in Windows and Linux operating systems, networking concepts, and security protocols.
• Understanding of firewalls, EDR, and other security tools integrated with SIEM.
• KQL (Kusto Query Language) experience for querying Sentinel data.
• Certifications (preferred):
• Microsoft Certified: Security Operations Analyst Associate.
• Other relevant certifications like CISSP, CEH, or CompTIA Security+.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication skills for both technical and non-technical audiences.
• Ability to work independently and in a team environment.
• Detail-oriented with the ability to prioritize and multitask in a fast-paced environment.