SIEM/EDR Specialist - Splunk/QRadar (3-5 yrs)

What You'll Do :

We are seeking a skilled and detail-oriented SIEM and EDR Specialist to join our Security Operations team.

This role involves designing, managing, and optimizing SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) solutions to enhance the organization's cybersecurity posture.

The ideal candidate will leverage their expertise to detect, investigate, and respond to security incidents, ensuring the protection of our systems, data, and users.

Key Responsibilities :

- Configure, manage, and maintain SIEM and EDR platforms to ensure optimal performance and coverage.

- Develop and refine detection rules, correlation alerts, and threat hunting queries in the SIEM environment.

- Analyze logs, network traffic, and endpoint telemetry to identify and respond to potential security threats.

- Lead incident response activities, including containment, eradication, and recovery efforts.

- Collaborate with IT and other security teams to integrate new data sources and improve threat detection capabilities.

- Stay up-to-date on the latest threat intelligence, vulnerabilities, and attack techniques to continuously enhance detection and response strategies.

- Conduct regular health checks of SIEM and EDR platforms, troubleshoot issues, and implement upgrades.

- Develop and maintain comprehensive documentation for processes, configurations, and playbooks.

- Provide training and mentorship to junior team members and act as a subject matter expert for SIEM and EDR technologies.

What Makes You a Qualified Candidate :

- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field. Equivalent experience may be considered.

- 3-5 years of hands-on experience managing and configuring SIEM platforms (e., Splunk, QRadar, LogRhythm, Sentinel, Palo Alto Cortex).

- 3+ years of experience with EDR solutions (e., CrowdStrike, Carbon Black, SentinelOne, Cortex)

- Experience in Migrating EDR and SIEM Platforms.

- Proven experience in incident response and threat hunting.

- Strong understanding of log management, event correlation, and security event analysis.

- Proficiency in scripting and automation (e., Python, PowerShell) to streamline processes.

- Familiarity with common attack frameworks (MITRE ATT&CK, Cyber Kill Chain).

- Solid grasp of networking concepts, operating systems (Windows/Linux), and cybersecurity principles.

- Experience with cloud security monitoring (AWS, Azure, or GCP).

- Relevant certifications such as GCIA, GCIH, CEH, CISSP, CISM, or vendor-specific certifications (e., Splunk Certified Architect, Cortex Certified etc CrowdStrike Certified Falcon Administrator).

What You Will Bring :

- Analytical Mindset : Strong problem-solving skills with the ability to analyze complex data sets to identify anomalies and potential threats.

- Attention to Detail : A meticulous approach to configuration, troubleshooting, and incident documentation.

- Collaboration : Excellent interpersonal skills with the ability to work effectively across teams in high-pressure environments.

- Adaptability : A proactive attitude and willingness to stay updated on emerging security trends and tools.

- Communication Skills : Clear and concise communication, both verbal and written, to convey technical details to diverse audiences.

- Passion for Cybersecurity : A genuine interest in defending against evolving cyber threats and a commitment to continuous learning