SIEM Administrator

The SIEM Administrator is a critical and essential member of our 24x7 Security Operations team, responsible for the configuration of SIEM integrations, development and tuning of detection models, and customization of dashboards and reports.

The candidate should be familiar with various threat attack methods and frameworks, such as MITRE ATT&CK. The SIEM administrator must be a strong collaborator capable of working collaboratively with penetration testing consultants, security analysts, threat hunters, and intelligence analysts to develop and refine the SIEM models.

Preferred candidate profile

• 3+ years of experience working as a SIEM Administrator.
• Experience with Rejex, Usecase, SOP and integration.
• Basic understanding of TCP/IP, DNS, DHCP, SMTP, FTP, and HTTP
• Knowledge of SQL queries, having handled MYSQL or any RDBMS
• Skill with scripting languages such as Python, Perl or Bash is a plus.
• Be a self-starter and take initiative.
• Ability to perform research, read documentation, and independently learn new skills.

Role & responsibilities

• Operates and maintains SIEM tools and components, such as log aggregators, forwarders, and data observability systems.
• Develops, tests, implements, and tunes new threat detection models.
• Develops content that enables cybersecurity personnel to take the maximum advantage of existing tool capabilities, including SOAR workflows, integrations, and automated tasks.
• Collaborates across cybersecurity roles and teams to integrate SIEM components with cybersecurity enrichment and analysis platforms and systems management tools.
• Creates and maintains architectural documentation and operational procedures that describe the scope, purpose, configuration, use and maintenance of the SIEM tools and environments.