About the Role
We are seeking a SIEM Engineer to join our team at one of our offices.
✅ Responsibilities:
✔️ Design, implement, and maintain the organization’s SIEM platform to ensure continuous, reliable, and scalable security monitoring.
✔️ Develop and manage log source integrations across on-premise, cloud, and hybrid environments (e.g., infrastructure, applications, identity providers, endpoints).
✔️ Build, fine-tune, and maintain correlation rules, detection logic, and alerting workflows to identify potential threats and anomalous behavior.
✔️ Create and maintain dashboards, reports, and visualizations to support SOC operations, threat hunting, and management visibility.
✔️ Continuously optimize SIEM performance and data ingestion efficiency, including parsing, filtering, and normalization of logs.
✔️ Collaborate with Security Operations, Incident Response, and Threat Intelligence teams to improve detection coverage and response playbooks.
✔️ Conduct periodic use case reviews to ensure alignment with the evolving threat landscape and business priorities.
✔️ Ensure proper data retention, storage, and access control configurations within the SIEM in accordance with internal policies and compliance standards.
✔️ Automate repetitive processes and data enrichment using scripting or integrations with SOAR and external APIs.
✔️ Document correlation rules, workflows, and integration procedures to maintain knowledge continuity.
✔️ Support audits and compliance reporting by ensuring log completeness, traceability, and integrity.
✔️ Participate in on-call or escalation rotations for critical security incidents where SIEM expertise is required.
✔️ Evaluate and recommend improvements to SIEM architecture, detection capabilities, and related toolsets.
✔️ Contribute to the roadmap and maturity development of the organization’s security monitoring and detection engineering functions.
✅ Requirements:
✔️ 3+ years of experience working with SIEM platforms (e.g., Splunk, ELK, QRadar, or similar).
✔️ 9+ months of experience working with ELK SIEM (Elasticsearch, Logstash, Kibana, and Beats).
✔️ Strong understanding of log management, event correlation, and alerting principles.
✔️ Hands-on experience with log ingestion, parsing, and normalization from multiple sources.
✔️ Proficiency in developing and tuning detection rules, dashboards, and reports.
✔️ Good knowledge of security operations, incident response, and threat detection processes.
✔️ Familiarity with common network, endpoint, and cloud security data sources.
✔️ Experience with scripting (Python, PowerShell, or similar) for automation and data enrichment.
✔️ Understanding of MITRE ATT&CK framework and its application in detection engineering.
✔️ Strong analytical and troubleshooting skills.
✔️ Effective communication and documentation skills.
✔️ Fluency in English (written and spoken).
✅ Nice to have:
✔️ Experience with SOAR platforms.
✔️ Experience with EDR.
✔️ Experience with cloud environments (AWS, Azure, GCP) and related log sources.
✔️ Familiarity with vulnerability management and exposure reduction processes.
✔️ Knowledge of regulatory and compliance requirements (GDPR, ISO 27001, SOC 2, etc.).
✔️ Previous experience working in a global or distributed Security Operations environment.
Tech Stack
SIEM, Splunk, ELK, QRadar, Elasticsearch, Logstash, Kibana, Beats, Python, PowerShell, SOAR, Log Management, Event Correlation, Alerting, Log Ingestion, Parsing, Normalization, MITRE ATT&CK