ColorTokens - Platform Engineer - SIEM

Job Title : Platform Engineer

About ColorTokens

At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape.

Breaches happenbut with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware.

We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected.

Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility.

Recognized as a Leader in the Forrester Wave : Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly Overview :

Colortokens is looking for a Junior Platform Administrator to assist in managing, maintaining, and optimizing our NextGen Security Information and Event Management (SIEM) platform.

The ideal candidate will support the day-to-day operations, help onboard customer log sources, troubleshoot integration issues, and provide technical assistance to the security operations team.

This role is ideal for a motivated professional with 3+ years of experience in SIEM administration, security operations, or log management.

Key Responsibilities :

SIEM Platform Administration :

- Assist in deploying, configuring, and maintaining the NextGen SIEM platform (e.g., Stellar Cyber, Splunk, Sentinel, QRadar, Chronicle, Exabeam).

- Perform basic updates and patches to ensure platform security and functionality.

- Monitor SIEM health, performance, and uptime under the guidance of senior administrators.

Log Source Management :

- Onboard new log sources and validate data ingestion.

- Help troubleshoot log ingestion, parsing, and formatting issues.

- Maintain log retention policies for compliance.

Rule and Use Case Management :

- Support the development and deployment of detection rules, correlation use cases, and alerts.

- Tune existing use cases to minimize false positives.

- Work closely with security analysts to refine alerting strategies.

Integration and Automation :

- Assist in integrating SIEM with other security tools (e.g., EDR, microsegmentation, vulnerability scanners).

- Work on basic automation tasks using scripting (Python, PowerShell) to enhance SIEM efficiency.

Platform Security and Compliance :

- Support role-based access control (RBAC) and platform security policies.

- Help ensure SIEM adheres to compliance standards like SOC2, ISO 27001.

- Participate in periodic security audits.

Network Debugging & Troubleshooting :

- Have a basic understanding of TCP/IP, networking concepts, and protocols.

- Assist in debugging network connectivity issues related to SIEM log ingestion.

- Use basic network troubleshooting tools .

Collaboration and Support :

- Work alongside SOC analysts, threat hunters, and security engineers.

- Provide basic technical support for SIEM users.

- Assist in training and documentation for security teams.

Performance Monitoring and Optimization :

- Monitor storage and indexing performance to ensure optimal operations.

- Report any performance issues to senior administrators.

- Contribute to platform health reports and alerting metrics.

Incident Support :

- Assist SOC teams in log analysis, incident response, and forensic investigations.

- Ensure log data is readily available for security incidents.

Education and Certifications :

- Bachelors degree in Computer Science, Information Security, or a related field.
- Certifications (Preferred but not mandatory) :

a. Splunk Certified User/Admin

b. Microsoft Certified : Security Operations Analyst Associate

c. QRadar Certification

d. Any SIEM-related certification

Experience :

- 3+ years of experience in SIEM administration, security operations, or log management.

- Hands-on experience with at least one SIEM platform (e.g., Stellar Cyber, Splunk, Sentinel, Chronicle, Exabeam).

- Basic knowledge of log ingestion, rule creation, and data parsing.

- Exposure to scripting (Python, PowerShell) for automation.

- Basic understanding of TCP/IP networking concepts and network debugging.

Technical Skills :

- Understanding of log formats, Syslog, JSON, XML, and data pipelines.

- Basic knowledge of querying languages (KQL, SPL, AQL).

- Familiarity with SIEM integration with security tools like EDR, SOAR, NDR.

- Awareness of MITRE ATT&CK, NIST, or CIS security frameworks.

- Basic experience with network troubleshooting tools (ping, traceroute, netcat (nc)).

Soft Skills :

- Strong problem-solving and troubleshooting abilities.

- Good verbal and written communication skills.

- Ability to work collaboratively in a security operations environment.

Preferred Skills :

- Basic understanding of cloud-based security solutions (AWS, Azure, Google Cloud).
- Exposure to SOAR tools (e.g., Cortex XSOAR, Splunk Phantom).
- Interest in machine learning-based anomaly detection for SIEM.

Key Metrics for Success :

- Successful onboarding of log sources.
- Improvement in log ingestion and parsing accuracy.
- Contribution to fine-tuning detection rules.
- Timely resolution of SIEM-related support requests.
- Ability to identify and troubleshoot basic network connectivity issues

(ref:hirist.tech)

---