SIEM Engineer

Summary

Join TechBiz Global, a leading recruitment and software development company, as a highly skilled SIEM Engineer. You will leverage 5-8 years of hands-on experience with SIEM tools like QRadar, Splunk, and the Elastic Stack to design, deploy, and manage SIEM solutions. Responsibilities include integrating various log sources, developing correlation rules, and ensuring efficient monitoring and threat detection. You will collaborate with security teams to optimize incident response and maintain the overall health of the SIEM environment. This role requires expertise in SIEM platform management, strong scripting abilities, and a deep understanding of security protocols. A Bachelor's degree in a related field or equivalent experience is required.

Requirements

• 5-8 years of experience working in SIEM engineering and administration roles
• Proven expertise with SIEM platforms like QRadar, Splunk, Microsoft Sentinel, and Elastic Stack (Elasticsearch, Logstash, Kibana)
• Experience in integrating and managing log sources from diverse systems and platforms
• Strong understanding of security incident detection, threat analysis, and response processes
• Proficiency in SIEM platform management, rule creation, and performance tuning
• Hands-on experience with Elastic Stack (Elasticsearch, Logstash, Kibana) for log management, search, and security monitoring
• Strong scripting abilities (e.g., Python, PowerShell, Bash) for automation
• Knowledge of security protocols, network traffic analysis, and intrusion detection systems
• Experience working with security frameworks such as MITRE ATT&CK, NIST, or CIS
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)

Responsibilities

• Design, deploy, and configure SIEM solutions, including Elastic Stack (Elasticsearch, Logstash, Kibana), Wazuh, QRadar, Splunk & Microsoft Sentinel
• Integrate various log sources (e.g., firewalls, IDS/IPS, network devices, applications),/OT/IOT into the SIEM platform
• Develop and fine-tune correlation rules, dashboards, and alerts for proactive threat detection
• Perform system upgrades, patches, and manage the overall health of the SIEM environment
• Ensure proper log ingestion from multiple data sources, including Elasticsearch and Kibana, and troubleshoot any logging issues
• Maintain data retention policies, manage storage, and optimize SIEM performance
• Monitor and analyze system and security logs for anomalies, potential threats, or suspicious activities
• Configure and maintain Elasticsearch clusters for log storage and search functionality
• Utilize Kibana to create custom dashboards, visualizations, and reports for security monitoring
• Work with Logstash or other log shippers for effective data parsing and enrichment before SIEM ingestion

Preferred Qualifications

• SIEM-related certifications (e.g., IBM QRadar Certified, Splunk Certified Architect, Elastic Certified Engineer)
• Security certifications such as CISSP, CISM, or CEH are a plus
• Strong problem-solving and analytical thinking abilities
• Excellent communication skills to convey complex technical concepts to stakeholders
• Ability to work independently or in a team with minimal supervision