Job Title:

Security Engineer – SIEM – SOAR Content Management

Reports to:

Manager, Cybersecurity and Network Services

Location:

Scottsdale, AZ

Summary

At TBC, our core values are Passion, Partnership, and Innovation.  Every day our team of highly qualified engineers and administrators work hard to empower our clients to transform and grow their companies.

The Senior Security Engineer plays a pivotal role in enhancing and delivering cutting-edge cybersecurity solutions to our clients. TBC's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms are dynamic systems that require ongoing tuning and administration. This continuous refinement is crucial to ensure they remain effective against a constantly evolving landscape of cyber threats. This position requires a deep understanding of security event analysis, SIEM technology, and content development to ensure effective security monitoring and threat detection for our clients.

Essential Duties and Responsibilities

Includes the following:

SIEM/SOAR Content Development:

  • Develop, refine, and maintain SIEM and SOAR content, including rules, correlation searches, alerts, dashboards, and reports.
  • Analyze and interpret complex datasets to create meaningful security insights.
  • Continuously update SIEM content to reflect evolving threats and security trends.
  • Integrate new data sources and tune to work with existing use cases and alerting.
  • Develop and implement best practices for SIEM and SOAR content management and development.
  • Work closely with clients to understand their security needs and tailor SIEM content accordingly.
  • Provide expert advice and recommendations on SIEM best practices and configurations.
  • Serve as a subject matter expert in SIEM technologies and content development.
  • Stay abreast of the latest cybersecurity technologies and practices.

Threat Analysis and Monitoring:

  • Proactively identify and analyze emerging threats and adjust alerts and correlation searches accordingly.
  • Collaborate with the incident response team for threat detection and analysis.
  • Collaborate with SOC Analysts to tune alerts and create custom monitoring.
  • Optimize SIEM for efficient threat monitoring and alerting.
  • Guide and mentor junior team members in SIEM content creation and threat analysis.
  • Participate in resolving Tier 3 escalations received from the SOC.
  • May perform other duties as assigned.

Qualifications

Required Skills/Experience
  • B.S. Degree in Cybersecurity, Computer Science or equivalent experience.
  • 5+ years delivering information security infrastructure support and related services.
  • At least 5 years of experience in SIEM content development and threat analysis in an MSSP or similar environment.
  • Consulting or managed services provider experience.
  • Working knowledge of web application firewalls, load balancers and proxies.
  • Demonstrated experience in computer security combined with risk analysis, audit, and compliance.
  • Expert knowledge of TCP/IP, common protocols, and standards.
  • Experience with security scanning tools.
  • Relevant certifications (e.g., CISSP, CISA, GCIH, GCIA).

Preferred Qualifications
  • In-depth knowledge of various SIEM platforms, their query and scripting languages (e.g., Python, SPL, KQL), and an understanding of network security and threat intelligence.
  • Familiarity with Information Security requirements of Compliance audits.
  • Hands-on experience with Splunk, Elasticsearch, and ServiceNow.
  • Python programming experience.
  • Experience working with APIs, webhooks, and custom queries to ingest data.

HOW YOU KNOW IF THIS JOB MIGHT BE FOR YOU
  • You are motivated and driven to deliver value. You take ownership of your responsibilities and follow through on all client and team member requests and questions.
  • You have deep technical skills and a strong interest in building, thinking, and organizing.
  • You have excellent analytical skills and a keen attention to detail enabling you to solve complex problems with many variables.
  • You can translate business requirements into detailed technical designs.
  • You like meeting and working with new people. You are comfortable engaging with people at all levels in an organization.
  • You are comfortable with change and multi-tasking. You enjoy learning new concepts and are quick on your feet. When things change, you know how to “roll with the punches.”

Working Conditions

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed in this job description are representative of knowledge, skill and/or ability. Reasonable accommodation will be made to enable individuals with disabilities to perform the essential functions. 

Limited travel may be required.