SIEM / SOAR Engineer

In-depth knowledge of SIEM architecture, data collection, event correlation, and alerting mechanisms. Strong experience with SOAR platforms and automated workflows. Familiarity with cloud security platforms (e.g., Azure, AWS, GCP) and their integration with SIEM and SOAR. Understanding of security principles, threat detection, and incident response. Strong problem-solving and troubleshooting abilities. Excellent communication and collaboration skills. Ability to work independently and in a team-oriented environment. Strong attention to detail and a passion for cybersecurity.

Design, deploy, and optimize SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar). Develop and maintain custom log sources, data connectors, and parsing rules to meet customer needs. Create and optimize correlation rules, detection rules, and alerts for security events and incidents. Perform regular tuning and fine-tuning of the SIEM platform to improve accuracy and reduce false positives. Monitor and analyze SIEM logs and alerts to identify security incidents and anomalies. Design, implement, and manage automated response playbooks within the SOAR platform (e.g. Azure Logic Apps, Palo Alto Networks Cortex XSOAR, Splunk Phantom) to enhance security operations. Integrate SIEM, threat intelligence, ticketing systems, and other security tools to create seamless, automated workflows. Develop and maintain automated incident response workflows to reduce response times and improve incident handling. Collaborate with customer security teams to identify areas for automation in threat detection and incident response. Work with other teams to ensure alignment of security operations processes and threat detection strategies. Provide regular reports on the status and effectiveness of SIEM and SOAR tools for customers. Assist in generating reports for compliance, audit, and executive leadership.