Platform Administrator - NextGen SIEM

Job Title: Platform Administrator NextGen SIEM

About ColorTokens

At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen but with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected.

Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave : Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions.

Join us in transforming cybersecurity. Learn more at www.colortokens.com .

Our culture

We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.

Self-starters and high-motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of world s impactful organizations be it a children s hospital, or a city, or the defense department of an entire country.

Position Overview:

Colortokens is seeking a highly skilled and motivated Platform Administrator to manage, maintain, and optimize our NextGen Security Information and Event Management (SIEM) platform. The ideal candidate will oversee the day-to-day operations, ensure seamless integration of customer log sources, security tools, and provide robust support to the security operations team. This role requires a strong technical background, hands-on experience with SIEM platforms, and a proactive approach to enhancing security posture.

Key Responsibilities:

1.SIEM Platform Administration

• Deploy, configure, and maintain the NextGen SIEM platform (e.g., Stellar Cyber, Splunk, Sentinel, QRadar, Chronicle, Exabeam etc).
• Perform regular updates, patches, and upgrades to ensure platform security and functionality.
• Monitor platform health, performance, and availability, ensuring optimal uptime.

2.Log Source Management

• Onboard new log sources, ensuring proper data ingestion and parsing from various environments (endpoints, servers, cloud platforms, applications).
• Troubleshoot and resolve issues related to log ingestion, parsing, and formatting.
• Maintain log retention policies in alignment with compliance requirements.

3.Rule and Use Case Management

• Develop, deploy, and fine-tune detection rules, correlation use cases, and alerts.
• Continuously update use cases based on emerging threats, business needs, or compliance mandates.
• Collaborate with SMEs and SOC analysts to refine detection capabilities and reduce false positives.

4.Integration and Automation

• Integrate the SIEM platform with other security tools (EDR, microsegmentation solution, vulnerability scanners, etc.).
• Design and implement automation workflows for incident detection, investigation, and response.

5.Platform Security and Compliance

• Enforce platform access control policies, ensuring role-based access and least privilege principles.
• Ensure the SIEM adheres to regulatory compliance standards (e.g., SOC2, ISO 27001).
• Conduct regular audits and ensure the platform is free of vulnerabilities.

6.Collaboration and Support

• Work closely with SOC analysts, threat hunters, and engineers to align the SIEM capabilities with security goals.
• Provide technical support to users of the SIEM platform.
• Offer training and documentation for security teams on effective SIEM usage.
• Be available round the clock in case of any incidents with the platform

7.Performance Monitoring and Optimization

• Monitor and optimize storage and indexing performance.
• Proactively identify bottlenecks and improve platform scalability.
• Generate reports on platform performance and alerting effectiveness.

8.Incident Support

• Assist the SOC team with root cause analysis and advanced investigations.
• Ensure forensic data is readily available during incident response.

Education and Certifications:

• Bachelor s degree in Computer Science, Information Security
• Relevant certifications such as Splunk Certified Admin, Microsoft Certified: Security Operations Analyst Associate, QRadar Certification, or similar NextGen SIEM certifications are highly desirable along with CISSP

Experience:

• 8+ years of experience in managing SIEM platforms (traditional or NextGen).
• Strong hands-on experience with at least one NextGen SIEM platform (e.g., Stellar Cyber, Splunk, Sentinel, Chronicle, Exabeam).
• Experience with log management, rule creation, and data onboarding.
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation.

Technical Skills:

• In-depth understanding of log formats, protocols (e.g., Syslog, JSON, XML), and data pipelines.
• Proficiency in querying languages (e.g., KQL, SPL, AQL).
• Experience with integration of SIEMs with security tools like EDR, SOAR, NDR, and threat intelligence platforms.
• Knowledge of security frameworks such as MITRE ATT&CK, NIST, or CIS.

Soft Skills:

• Strong analytical and troubleshooting skills.
• Excellent verbal and written communication skills.
• Ability to work collaboratively in a fast-paced environment.

Preferred Skills:

• Familiarity with cloud-based security solutions (e.g., AWS, Azure, Google Cloud).
• Experience in implementing machine learning or anomaly detection in SIEM use cases.
• Exposure to SOAR tools (e.g., Palo Alto Cortex XSOAR, Splunk Phantom).

Key Metrics for Success:

• Uptime and performance of the SIEM platform.
• Number of new log sources and use cases onboarded.
• Reduction in false positives and tuning of alerts.
• Timely resolution of platform-related issues.
• Alignment of the platform with business and security requirements