SIEM Engineer

Overview of the role:

We have a great opportunity to join our Security Detection team within Cyber Security Operations, where you will be a crucial member of the team working on the design, implementation, maintenance, and continuous improvement of the Security Information and Event Management (SIEM) platform and other Security Detection Tooling and Configurations.

You will be joining a team that is delivering and supporting security solutions at scale. This role requires a deep understanding of security event logging, monitoring, and incident response, ensuring the organizations security posture is robust and resilient against emerging threats.

Our Team focuses on creating solutions to complex security problems using modern technologies with a heavy cloud focus.

Responsibilities:

• Design, deploy, configure, and maintain the SIEM infrastructure.
• Develop, design and optimize SIEM use cases, correlation rules, alerts, and dashboards.
• Manage and support data ingestion from diverse security devices and applications (firewalls, IDS/IPS, endpoint protection, etc.) into the SIEM platform.
• Work closely with the SOC and Detection team to ensure the SIEM system is tuned to reduce false positives and accurately detect security incidents.
• Work closely with SOC analysts to support investigations and respond to security incidents.
• Assist in forensic analysis of security incidents, providing detailed reports and recommendations.
• Develop and maintain incident response playbooks and procedures and any Detection related Governance or Audit documentation as required.
• Integrate SIEM with other security tools (SOAR, threat intelligence platforms, etc.) to enhance detection and response capabilities.
• Develop automation scripts and processes to improve the efficiency of the SIEM and incident response workflows.
• Collaborate with IT and DevOps teams to ensure seamless integration of SIEM with enterprise systems.
• Ensure SIEM logging and monitoring meet compliance requirements (e.g., GDPR, PCI-DSS, HIPAA).
• Generate and distribute regular security reports to stakeholders.
• Participate in audits and assist in the preparation of documentation for regulatory compliance.
• Ensure the security tooling is functioning at all times with health-monitoring governance and suitable alerting in place.
• Conduct regular reviews of the SIEM system to identify opportunities for improvement.
• Provide training and mentorship to junior SOC staff on SIEM-related tasks and best practices.
• Liaise with other security teams, finding opportunities enhance security monitoring.
• Communicate effectively with technical and non-technical stakeholders, providing clear and concise updates on security issues.
• Provide out of hours support for our mission-critical services

Skills & Experience:

• Bachelor s degree in Computer Science, Information Security, or a related field.
• Certification such as: SIEM Administrator, CISSP, GSEC, OSCP or similar
• Minimum of 3-5 years of experience in cybersecurity, with a focus on SIEM technologies.
• Expertise in SIEM platforms such as Splunk, Elastic, ArcSight, QRadar, or LogRhythm.
• Strong knowledge of networking protocols, security architectures, and enterprise IT systems.
• Experience with scripting languages (Python, PowerShell, etc.) for automation.
• An understanding of the root causes of security vulnerabilities and security frameworks such as the OWASP top 10.
• Familiarity with cloud platforms (AWS, Azure, Google Cloud) and their security features.
• Understanding of threat intelligence and how to incorporate it into SIEM use cases.
• Strong analytical and problem-solving skills.
• Attention to detail and commitment to maintaining high standards.
• Ability to work under pressure and manage multiple tasks simultaneously.
• Excellent communication skills, both written and verbal (English).
• Proactive attitude towards learning and adapting to new technologies and threats.
• Hands-on experience with the Linux command line
• A keen eye for detail, spotting pitfalls in designs before effort is committed