SIEM Engineer

About This Opportunity

We are recruiting a SIEM Engineer to join our Cybersecurity team. In this role, you will be responsible for enhancing our organization’s security operations through the integration of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities, specifically utilizing Microsoft Sentinel. 

You will work closely with cross-functional teams to monitor, detect, and automate responses to security incidents, ensuring the organization’s network, systems, and data are secure. Your expertise in SIEM and SOAR will be key in improving the efficiency of our security processes and reducing response times to incidents.

Responsibilities

• Configure, manage, and optimize Microsoft Sentinel for security monitoring and event detection.
• Develop, fine-tune, and update detection rules and analytics using KQL (Kusto Query Language).
• Investigate and analyze security incidents, providing actionable insights and response strategies.
• Build and maintain automation playbooks within Microsoft Sentinel to orchestrate incident response and remediation actions.
• Integrate Sentinel with other security tools (e.g., firewalls, endpoint protection, threat intelligence platforms) to create automated workflows.
• Create and manage automated workflows to reduce manual intervention and improve response times.
• Monitor, update, and refine detection rules, playbooks, and automated responses to enhance efficiency.
• Develop and document incident response procedures, ensuring proper escalation processes and timely resolution of threats.
• Collaborate with cross-functional teams to ensure security monitoring and response strategies align with organizational goals.
• Ensure compliance with security policies, best practices, and regulatory requirements.

Qualifications

• College diploma and/or degree in Cybersecurity, Computer Science, Information Technology or a related field.
• Relevant certifications such as CISSP, CEH, SC-200, or AZ-500 are a plus.
• 3+ years of experience in security operations, with expertise in SIEM (preferably Microsoft Sentinel) and SOAR.
• Hands on experience with REST APIs
• Strong experience with Microsoft Sentinel, including the development of detection rules and queries using KQL.
• Strong understanding of cloud-based SIEM architecture and integration within Azure environments.
• Hands-on experience creating and maintaining SOAR playbooks for incident response automation.
• Familiarity with security operations tools such as firewalls, endpoint protection (e.g., CrowdStrike, Defender), and cloud security services.
• Experience with automation and scripting (Python, PowerShell) to enhance response capabilities.
• Excellent analytical skills with the ability to identify trends, detect potential threats, and automate responses.
• Strong communication skills to work with technical and non-technical teams to define and improve security processes.
• Knowledge of security frameworks (e.g. MITRE ATT&CK and MITRE D3FEND, NIST-CSF) and incident response best practices.
• Ability to manage multiple tasks in a fast-paced environment while maintaining attention to detail.
• Continuous Learning: Staying updated with the latest security trends and Microsoft Sentinel capabilities.

#LI-JB1

#CBSAS