Key Skills:
Deep hands-on expertise in SIEM administration (e.g., QRadar, Splunk, ArcSight, Sentinel).
Strong understanding of security architecture, log management, and data correlation.
Proficient in use case development, custom rule creation, and fine-tuning correlation logic.
Solid scripting ability for automation and data parsing (Python, Regex, PowerShell, etc.).
Knowledge of incident handling frameworks (NIST, MITRE ATT&CK, etc.).
Experience integrating SIEM with threat intelligence feeds, EDR, and other security tools.
Excellent problem-solving, documentation, and leadership skills.

Key Responsibilities:
Design, configure, and manage the overall SIEM infrastructure and log ingestion pipeline.
Develop and optimize use cases, dashboards, and correlation rules to enhance detection coverage.
Ensure system performance, scalability, and data integrity of the SIEM platform.
Coordinate with SOC, network, and application teams for log source onboarding and troubleshooting.
Lead SIEM upgrades, migrations, and patch management.
Provide guidance and mentorship to Junior SIEM Admins and SOC analysts.
Conduct regular tuning and false-positive analysis to improve detection accuracy.
Support compliance reporting and audit requirements.