Sr SIEM/SOAR Engineer (Remote)

At TE, you will unleash your potential working with people from diverse backgrounds and industries to create a safer, sustainable and more connected world. 

Job Overview

The SIEM/SOAR Engineer is an expert in deploying, configuring, and managing a security information and event management (SIEM) tool. They are responsible for creating alarms and dashboards related to relevant security data/threats/events. In addition, they can automate responses to alarms and enrich data from outside sources. They are competent to work in all aspects of managing security controls and products.

Key Responsibilities:

  • Design, develop, and implement security information and event management (SIEM) rules and detections within the Devo SIEM platform.
  • Configure and maintain log sources across diverse security and IT systems to ensure comprehensive data collection.
  • Utilize Regex for efficient log parsing and extraction of relevant security events.
  • Fine-tune detection rules to minimize false positives and negatives, optimizing threat identification accuracy.
  • Develop and implement SOAR (Security Orchestration, Automation, and Response) workflows to automate incident response tasks.
  • Investigate security alerts and incidents, conducting root cause analysis to identify and remediate threats.
  • Collaborate with the security operations center (SOC) team to ensure effective incident response and threat hunting.
  • Stay current with emerging threats and security best practices, recommending improvements to the SIEM configuration.
  • Document SIEM configurations, detection rules, and incident response procedures.

What your background should look like:

Required Qualifications:

  • 3+ years in Information Security SIEM administration, parser development, cybersecurity content development, creating queries, alerting, and log analysis (or similar logging role).
  • 3+ years’ experience in scripting/process automation. 
  • 3+ years operating and supporting a large enterprise environment
  • Experience with security configuration of operating systems, network devices, etc. 
  • Demonstrated experience with at least one programming/scripting language
  • Demonstrated experience with securing all aspects of an enterprise
  • Demonstrated experience in understanding networking technologies and protocols
  • Some demonstrated systems administration experience with Windows and Linux/UNIX-based operating systems
  • Participate in an on-call schedule for high-priority issues
  • Experience in a technology-planning role.
  • Must have a passion for technology and stay current with emerging security trends.
  • Excellent verbal & written communication and presentation skills. 
  • Experience with new technology evaluations, software package selection, and buy vs. build analysis.

Preferred Qualifications:

  • Experience with Devo (or next-gen SIEM)
  • Experience with AWS, Azure, SaaS logging, and cloud technologies in general
  • Experience with EDR technologies
  • Familiarity with standard logs from different systems: Windows/Linux/Cloud, etc. 
  • Advanced Scripting – PowerShell, Python, etc.
  • API integration/automation experience
  • Experience with process automation / at least one primary SOAR tool 
  • Manufacturing and engineering industry experience.
  • Experience working in a global organization.

Education Required/Desired:

  • Undergraduate degree in business, computer science, management information systems, or other equivalent work experience.

Competencies

Values: Integrity, Accountability, Inclusion, Innovation, Teamwork

COMPENSATION

  • Competitive base salary commensurate with experience: $100,160 - $150,240 (subject to change dependent on physical location)
  • Posted salary ranges are made in good faith. TE Connectivity reserves the right to adjust ranges depending on the experience/qualification of the selected candidate as well as internal and external equity.
  • Total Compensation = Base Salary + Incentive(s) + Benefits

BENEFITS

  • A comprehensive benefits package including health insurance, 401(k), disability, life insurance, employee stock purchase plan, paid time off and voluntary benefits.

EOE, Including Disability/Vets

Location: 

MIDDLETOWN, PA, US, 17057-3197

City:  MIDDLETOWN
State:  PA
Country/Region:  US
Travel:  Less than 10%
Requisition ID:  119833
Alternative Locations: 
Function:  Information Technology