Job Description
- Manage daily operations of Microsoft Sentinel, FortiSIEM, Splunk, and other SIEM tools to ensure stability, performance, and continuous availability
- Onboard Log Sources & Configure and validate connectors, agents, and ingestion pipelines to ensure accurate log collection, parsing, and normalization from various technologies
- Create correlation rules, analytics rules, and detection logic while continuously fine‑tuning them to increase true positives and reduce false positives
- Assist SOC analysts by resolving SIEM‑related issues such as detection failures, log gaps, platform errors, or alert inconsistencies
- Support SIEM deployments, upgrades, customer onboardings, and feature rollouts by contributing to technical configurations and requirements
- Map use cases to MITRE ATT&CK, incorporate emerging TTPs, and implement new rules based on threat intelligence and attack trends
- Perform routine health checks, monitor ingestion pipelines, and proactively address scalability, reliability, or performance-related issues
- Assist in developing and maintaining automation playbooks to improve SOC efficiency and reduce manual workload
- Maintain updated documentation, including architecture diagrams, rule libraries, onboarding guides, troubleshooting steps, and operational playbooks
- Work closely with SOC analysts, network teams, cloud engineers, threat hunters, and customer stakeholders to ensure smooth and secure operations
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related disciplines
- 1–3 years of experience in SOC operations, SIEM administration, security engineering, or related fields
- Experience with at least one SIEM platform such as Microsoft Sentinel, FortiSIEM, or Splunk
- Understanding of log collection, parsing, event correlation, and rule creation
- Knowledge of detection engineering principles and cybersecurity frameworks (e.g., MITRE ATT&CK)
- Familiarity with security tools such as firewalls, IDS/IPS, EDR, vulnerability scanners, and cloud security services
- Familiarity with Linux Operating System and scripting knowledge in PowerShell, Python, or Bash is an added advantage
- Strong analytical and problem‑solving abilities
- Excellent communication and teamwork skills
- High attention to detail and a proactive learning mindset
- Relevant certification such as: Microsoft SC‑200 / AZ‑500, Fortinet NSE 4/5/6, CompTIA Security+, CySA+, CEH or any SOC/SIEM‑related certification
- Relevant certifications, such as CISSP or CEH, will be an added advantage
Generating Apply Link...
