Job Title:
Engineer
Company: Network Intelligence
Location: Mumbai, Maharashtra
Created: 2026-03-25
Job Type: Full Time
Job Description:
Key Responsibilities:

SIEM Administration:
- Manage day-to-day administration of an enterprise SIEM platform, including:
  - User and role management (RBAC)
  - Health monitoring, capacity management, EPS monitoring
  - Deployment and management of collectors, forwarders, and log sources
  - Backup, retention, and storage management
- Onboard, develop parsers for, and normalize new log sources across security, network, cloud, and OS environments.
- Tune SIEM correlation rules, searches, and alerts to reduce false positives and improve accuracy.
- Develop dashboards, reports, and monitoring views for SOC operations.
- Implement and maintain rule packages, reference sets/lists, and enrichment fields.
- Ensure SIEM performance, high availability (HA), and operational stability.

SOAR Administration and Automation:
- Administer and maintain an enterprise SOAR platform, including:
  - Integration management
  - User and team configurations
  - Incident types, layouts, classifications, and mapping
- Design, develop, test, and deploy SOAR automation playbooks for:
  - Triage
  - Enrichment
  - Containment
  - Notification and workflow orchestration
- Enhance existing playbooks with improved enrichment, decision logic, and approval flows.
- Collaborate with SOC analysts and the IR team to automate manual steps and improve response efficiency.
- Maintain the automation codebase (primarily Python-based actions/scripts).

Required Skills & Experience:
- 2-5 years of experience in Security Operations / SIEM & SOAR engineering.
- Strong hands-on experience with:
  - SIEM administration (standard and custom log ingestion integrations, normalization, SIEM performance tuning and enhancement, dashboards)
  - SOAR administration (integrations, playbook development, entity enrichment, incident flow design and development)
- Strong Python scripting for automation tasks in SOAR.
- Strong knowledge of log formats and interfaces: Syslog, CEF, JSON, XML, REST APIs.
- Experience troubleshooting ingestion issues and parsing problems.
- Strong understanding of:
  - MITRE ATT&CK
  - Use case lifecycle
  - Incident response workflows
  - Enrichment and automation best practices
- Good understanding of OS internals (Windows/Linux), network security devices, cloud logs, and security tools.