About the job
We are looking for a Cybersecurity SIEM Engineer RE to join our Security Operations team. You will be responsible for managing, monitoring, and optimizing our Security Information and Event Management (SIEM) platform to detect, analyze, and respond to cybersecurity threats. This role goes beyond daily operations and focuses on platform ownership, detection strategy, log architecture, and SOC enablement.
The ideal candidate has strong hands-on experience in SIEM deployment, log onboarding at scale, cloud SIEM platforms, and use case engineering, and acts as a technical authority supporting SOC analysts and incident responders. With experience in network security and network infrastructure, and in Google SecOps (Chronicle) or Microsoft Sentinel, you will bridge the gap between infrastructure, security, and the SOC, ensuring our detection strategy is scalable, cost-effective, and resilient against modern threats.
Key Responsibilities
- Implement, deploy, and manage enterprise-scale SIEM platforms (Google SecOps, Microsoft Sentinel, IBM QRadar, or cloud-native SIEMs), including ingestion pipelines, normalization strategy, parsing, retention, and scalability planning.
- Integrate new log sources and security tools into the SIEM platform for comprehensive visibility.
- Manage SIEM upgrades, migrations, and modernization initiatives (e.g., on-prem to cloud SIEM).
- Manage onboarding of complex log sources including EDR, IAM, network security devices, systems, databases, applications, and cloud services.
- Validate log quality, parsing accuracy, field normalization, and data completeness.
- Optimize EPS ingestion, filtering, and data routing to control SIEM cost and performance.
- Troubleshoot ingestion, parsing, and performance issues across distributed environments.
- Collaborate with SOC L2/L3, IR, CTI, and SOAR teams to improve detection and response workflows.
- Ensure SIEM implementation aligns with organizational security policies, regulatory requirements, and audit needs.
- Develop executive and operational dashboards and security metrics.
- Support audits and regulatory reviews by providing evidence, reports, and architectural explanations.
- Stay current on evolving detection methodologies and SIEM technologies.
- Evaluate new tools, integrations, and SIEM features to enhance SOC maturity.
- Drive automation and efficiency through scripting and SIEM-SOAR integration.
Required Qualifications & Skills
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.
- Minimum 3 - 5 years of hands-on experience in SIEM engineering, security engineering, or SOC technical roles.
- Deep hands-on expertise with at least one major SIEM platform (Google SecOps, Microsoft Sentinel, IBM QRadar, XSIEM).
- Strong experience with cloud SIEM and cloud log ingestion (AWS, Azure, GCP), and with cloud administration.
- Advanced knowledge of:
  - SIEM architecture and log pipeline design
  - Detection engineering and correlation logic
  - Incident response and SOC operations
- Proficiency in scripting, parser development, and automation (Python, PowerShell, Bash, Regex, Logstash).
- Solid understanding of enterprise security technologies: EDR, firewalls, IAM, IDS/IPS, WAF, vulnerability management.
- Strong communication skills with the ability to explain complex technical concepts to both technical and non-technical stakeholders.
Preferred Certifications
- SIEM certifications (e.g., Professional Cloud Security Engineer or Chronicle Specialized training, Microsoft Certified: Security Operations Analyst Associate, IBM QRadar Advanced certifications)
- Security certifications such as GCIA, GCIH, CISSP, CCSP, or equivalent
- Cloud certifications (Google Cloud, AWS Security, Azure Security Engineer) are an advantage
Desired Attributes
- Ability to design scalable, resilient security solutions.
- Comfortable working in high-pressure SOC environments and taking the lead on project deliverables.
- Ability to work independently and collaboratively in a fast-paced environment.
- Passionate about building mature detection and monitoring capabilities.