SIEM Engineer

Role: SIEM Engineer

Location: India Pune Remote (future hybrid)

Work hours: 2-11 pm India hours

Job Overview: The SIEM Engineer is a critical member of the Security Operations Center (SOC) team, responsible for designing, implementing, and managing Security Information and Event Management (SIEM) systems to protect organizational assets from cyber threats. This role involves monitoring, analyzing, and responding to security incidents, optimizing SIEM platforms, and collaborating with cross-functional teams to enhance the organization's security posture.

Key Responsibilities :

- SIEM System Management: Configure, manage, and maintain SIEM platforms to ensure effective log collection, event correlation, and alerting mechanisms.
- Threat Detection and Response: Develop, implement, and fine-tune use cases, correlation rules, and threat detection playbooks to identify and mitigate security threats in real time.
- Incident Analysis: Perform initial triage, analysis, and investigation of security alerts and incidents, escalating critical issues to senior SOC members as needed.
- Log Ingestion and Integration: Integrate various log sources (e.g., firewalls, IDS/IPS, endpoints, cloud platforms like AWS/Azure) into the SIEM system and ensure seamless data ingestion.
- Alert Optimization: Continuously optimize and tune SIEM alerts to reduce false positives and improve the accuracy of threat detection.
- Collaboration: Work closely with SOC analysts, incident response teams, and other IT/security teams to coordinate threat mitigation and remediation efforts.
- Reporting and Documentation: Generate detailed reports on SIEM performance, incident metrics, and security trends, and maintain comprehensive documentation of processes and procedures.
- Threat Intelligence Integration: Incorporate threat intelligence feeds into SIEM systems to enhance detection capabilities and stay updated on emerging threats.
- Automation and Scripting: Develop scripts (e.g., Python, PowerShell) to automate repetitive tasks and improve SOC operational efficiency.
- Continuous Improvement: Stay updated on the latest cybersecurity trends, SIEM technologies, and attack vectors to enhance SOC capabilities.

Skills and Qualifications:

Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CEH, CompTIA Security+) are preferred.

Experience:

- 3-5 years of experience in cybersecurity, with at least 2 years focused on SIEM administration and management.
- Hands-on experience with SIEM platforms such as Sentinel, Splunk, IBM QRadar, ArcSight, or LogRhythm.
- Previous experience in a Security Operations Center (SOC) environment is highly desirable.

Technical Skills:

- Proficiency in SIEM architecture, data collection, and event correlation.
- Knowledge of network security, firewalls, IDS/IPS, and endpoint detection and response (EDR) tools.
- Familiarity with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their integration with SIEM.
- Scripting skills in Python, PowerShell, or similar languages for automation.
- Understanding of TCP/IP, network protocols, and enterprise network security technologies.
- Strong analytical and problem-solving skills to identify and mitigate complex security threats.
- Excellent communication skills for reporting, documentation, and collaboration with cross-functional teams.
- A proactive mindset with a passion for continuous learning in the cybersecurity domain.

Certifications (Preferred):

- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- CompTIA Security+

Familiarity with threat intelligence platforms and their integration into SIEM systems.

---