SIEM/SOAR Security Engineer
2 weeks ago
Job Description

What Success Looks Like In This Role
- SIEM/SOAR Support: Assist in configuring and maintaining SIEM/SOAR platforms to support log collection, threat detection, and automated response workflows. Monitor and troubleshoot SIEM/SOAR systems to ensure reliable operation and data integrity. Support the creation of detection rules, dashboards, and alerts under senior engineer guidance.
- Log Management: Help manage log ingestion pipelines, including syslog, Windows Event Logs, and other sources, using SIEM tools or log aggregation and refinement platforms like Cribl. Work with Incident Response teams and senior engineers to apply basic filtering and parsing rules to reduce noise and optimize log data for analysis.
- Incident Response: Support incident response activities, including investigating alerts, collecting evidence, and documenting findings. Assist in executing SOAR playbooks for automated incident handling, under senior supervision. Participate in post-incident reviews to improve detection and response processes.
- Technical Assistance: Work closely with senior engineers to implement and test SIEM/SOAR configurations. Perform routine maintenance tasks, such as updating rules, validating data ingestion, and monitoring system performance.
- Compliance and Documentation: Assist in maintaining audit trails and logs to support compliance requirements (e.g., data protection regulations). Document configurations, incidents, and processes to ensure operational continuity.
- Serve as an escalation point for technical issues around security tooling and the Unisys SOC team.

You will be successful in this role if you have:

Key Qualifications
- 7-10 years in security operations, IT, or a related technical role, with exposure to SIEM/SOAR systems.
- Basic experience in incident response, such as handling alerts or supporting investigations.
- Foundational knowledge of SIEM/SOAR platforms (e.g., Splunk, Google SecOps, QRadar, Elastic, or similar).
- Familiarity with log management concepts, including syslog, Windows Event Logs, or API-based data collection.
- Basic scripting skills (e.g., Python, Grok, Go, JSON) for automation or data processing.
- Bachelor's Degree in Cybersecurity, Computer Science, Computer Engineering, Information Technology or similar, or the equivalent hands-on experience combined with training and certifications.
- Exposure to incident response processes, such as triaging alerts or analyzing logs.
- Willingness to learn threat detection frameworks (e.g., MITRE ATT&CK).
- Familiarity with security issues associated with cloud environments, preferably with AWS or Azure.
- Strong problem-solving skills and attention to detail.
- Ability to work collaboratively with multiple teams and follow senior engineer guidance.
- Good communication skills to document findings and report to stakeholders.

Preferred Qualifications
- Exposure to Cribl, Splunk, or Google SecOps (Chronicle), with a willingness to learn these tools.
- Basic understanding of log routing, filtering, or transformation concepts.
- Experience with basic forensic analysis or playbook execution in a SOAR platform.
- Entry-level certifications (e.g., CompTIA Security+, Splunk Fundamentals, GIAC Security Essentials) are a plus.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.
If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [Confidential Information] or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about the Unisys EEO commitment on the Unisys careers site.
-
SIEM/SOAR Security Engineer
3 weeks ago
Bengaluru, India
Unisys
Full time
What success looks like in this role: SIEM/SOAR Support: Assist in configuring and maintaining SIEM/SOAR platforms to support log collection, threat detection, and automated response workflows. Monitor and troubleshoot SIEM/SOAR systems to ensure reliable operation and data integrity. Support the creation of detection rules, dashboards, and alerts under...
-
Senior Consultant
5 days ago
Chennai, Tamil Nadu, India
SmarTek21
Full time
Description: Senior Consultant responsible for designing, implementing, and optimizing Google SecOps SIEM and SOAR solutions, leading complex integrations, and advising clients on advanced detection, automation, and response strategies.
Responsibilities: Lead the design and deployment of Google SecOps SIEM and SOAR solutions for complex client...
-
Security SOAR Engineer
12 hours ago
Bengaluru, Karnataka, India
Netenrich, Inc.
Full time
₹ 9,00,000 - ₹ 12,00,000 per year
Company profile: Netenrich boosts the effectiveness of organizations' security and digital operations so they can avoid disruption and manage risk. Resolution Intelligence Cloud is our native-cloud data analytics platform for enterprises and service providers that need highly scalable, multitenant security operations and/or digital operations management....
-
Subject Matter Expert
3 days ago
Bengaluru, India
Volto Consulting & Services
Full time
Description: Job Summary: We are seeking a dynamic and proactive SOAR Automation SME with hands-on expertise in the Securonix platform. The ideal candidate thrives in an autonomous environment, consistently initiates ideas for automating security processes, and brings logical, structured thinking to complex challenges. You will play a pivotal role in...
-
Group SIEM Engineer
3 weeks ago
Bengaluru, India
DP World Australia
Full time
KEY ACCOUNTABILITIES: Administer and maintain SIEM and SOAR platforms, including configuration, tuning, and updates. Onboarding of log sources into the SIEM platform, enhancing our security monitoring capabilities. Develop and implement correlation rules to detect potential security threats as per the threat landscape. Design, implement, and maintain SOAR...
-
Group SIEM Engineer
10 hours ago
Bengaluru, Karnataka, India
DP WORLD
Full time
₹ 12,00,000 - ₹ 36,00,000 per year
Job Description: KEY ACCOUNTABILITIES: Administer and maintain SIEM and SOAR platforms, including configuration, tuning, and updates. Onboarding of log sources into the SIEM platform, enhancing our security monitoring capabilities. Develop and implement correlation rules to detect potential security threats as per the threat landscape. Design, implement,...
-
SIEM Lead
4 weeks ago
Bengaluru, India
Hiret Consulting
Full time
We are seeking an experienced SIEM & Security Analytics Engineer (SIEM Lead) to design, develop, and enhance our detection capabilities across multiple SIEM platforms. This role involves building advanced correlation rules, use cases, and SOAR playbooks while integrating new log sources from both on-premises and cloud environments. The SIEM Lead will also...