10+ years of experience in cybersecurity
7+ years hands-on SIEM engineering experience
Expert-level proficiency in one or more SIEM platforms (Elastic SIEM, Splunk, IBM QRadar, Exabeam, Securonix, or similar)
Strong experience with log collectors (Syslog-NG, Rsyslog, Beats, Logstash, FluentD)
Experience with custom parsers, field extractions, and data normalization
Experience with SIEM data models and schema design
Experience designing and deploying ingestion from multi-cloud environments
Strong scripting skills (Python, PowerShell, Bash)
Deep knowledge of network protocols (TCP/UDP, TLS, DNS, HTTP, VPN, proxies)
Solid understanding of Windows/Linux internals, AD, IAM, firewalls, EDR, and cloud telemetry
Experience managing or integrating WAF platforms (F5, Imperva, Cloudflare, Akamai)
Experience managing or integrating NDR platforms (Vectra, Corelight, Darktrace, ExtraHop)
Exposure to EDR (CS, Defender), AV (Symantec), SOAR for workflow automation
Certifications: GCIA, GCDA, GCIH, Splunk Architect, Azure Security, CISSP, or equivalent (Nice-to-Have)