Job Title:

SIEM Administrator - Mumbai

Company: Network Intelligence

Location: Mumbai, Maharashtra

Created: 2026-03-31

Job Type: Full Time

Job Description:

Key Responsibilities:

SIEM Administration:
- Manage day-to-day administration of an enterprise SIEM platform, including:
  - User and role management (RBAC)
  - Health monitoring, capacity management, and EPS monitoring
  - Deployment and management of collectors, forwarders, and log sources
  - Backup, retention, and storage management
- Onboard new log sources across security, network, cloud, and OS environments, including parser development and normalization.
- Tune SIEM correlation rules, searches, and alerts to reduce false positives and improve accuracy.
- Develop dashboards, reports, and monitoring views for SOC operations.
- Implement and maintain rule packages, reference sets/lists, and enrichment fields.
- Ensure SIEM performance, high availability (HA), and operational stability.

SOAR Administration:
- Administer and maintain an enterprise SOAR platform, including:
  - Integration management
  - User and team configurations
  - Incident types, layouts, classifications, and mapping
- Design, develop, test, and deploy SOAR automation playbooks for:
  - Triage
  - Enrichment
  - Containment
  - Notification and workflow orchestration
- Enhance existing playbooks with improved enrichment, decision logic, and approval flows.
- Collaborate with SOC analysts and the IR team to automate manual steps and improve response efficiency.
- Maintain the automation codebase (primarily Python-based actions/scripts).

Required Skills & Experience:
- 2–5 years of experience in Security Operations / SIEM & SOAR engineering.
- Strong hands-on experience with:
  - SIEM administration (log ingestion via standard and custom integrations, normalization, SIEM performance tuning and enhancement, dashboards)
  - SOAR administration (integrations, playbook development, entity enrichment, incident flow design and development)
- Strong Python scripting for automation tasks in SOAR.
- Strong knowledge of log formats and interfaces: Syslog, CEF, JSON, XML, REST APIs.
- Experience troubleshooting ingestion issues and parsing problems.
- Strong understanding of:
  - MITRE ATT&CK
  - Use case lifecycle
  - Incident response workflows
  - Enrichment and automation best practices
- Good understanding of OS internals (Windows/Linux), network security devices, cloud logs, and security tools.
