SIEM Administrator/SIEM Platform Administration

Posted 2 weeks ago by 1751084797

Negotiable
Outside
Remote
USA

Summary: The SIEM Administrator is responsible for the administration and optimization of the Security Information and Event Management (SIEM) platform, focusing on log source integration, detection rule development, and alignment with the MITRE ATT&CK framework. This role is crucial for enhancing the organization's threat detection and response capabilities. The ideal candidate should possess strong technical skills and a detail-oriented mindset to improve security operations. A passion for cybersecurity and a proactive approach to problem-solving are essential for success in this position.

Key Responsibilities:

  • Manage and maintain the Google Chronicle SIEM platform including system health, performance monitoring, and upgrades.
  • Configure and optimize SIEM dashboards, reports, and alerts for operational efficiency.
  • Perform regular backups, patch management, and capacity planning to ensure platform reliability.
  • Onboard and integrate diverse log sources (e.g., firewalls, endpoints, cloud platforms, applications) into the SIEM platform.
  • Validate log data quality, normalize event formats, and ensure consistent data ingestion.
  • Troubleshoot and resolve issues related to log collection and parsing.
  • Develop, test, and deploy correlation rules and use cases to detect potential security threats.
  • Continuously tune existing rules to reduce false positives and improve detection accuracy.
  • Collaborate with threat intelligence teams to incorporate emerging threat indicators into SIEM rules.
  • Map SIEM use cases and detection rules to MITRE ATT&CK techniques and tactics.
  • Identify coverage gaps and develop strategies to enhance detection capabilities aligned with MITRE ATT&CK.
  • Maintain documentation of MITRE ATT&CK mappings for audits and reporting.

Key Skills:

  • 5+ years of experience in SIEM administration or a similar cybersecurity role.
  • Hands-on experience with SIEM platforms, primarily Google Chronicle.
  • Knowledge of Microsoft Sentinel, Splunk, IBM QRadar, Elastic SIEM, or ArcSight is an added advantage.
  • Proven experience integrating log sources and developing correlation rules.
  • Familiarity with processes and tools such as enterprise firewalls, network intrusion detection/prevention, virtual private networking, application allowlisting, and data loss prevention.
  • Familiarity with the security concepts of log analysis, monitoring, and system/network auditing or experience working in a security operations center.
  • Familiarity with the MITRE ATT&CK framework and its application in threat detection.
  • Proficiency in log management, event correlation, and data normalization techniques.
  • Knowledge of network protocols, operating systems (Windows/Linux), and cloud environments (AWS, Azure, Google Cloud Platform).
  • Scripting skills (e.g., Python, PowerShell, Bash) for automation and custom parsing.
  • Query skills (e.g., MS Sentinel KQL; Splunk SPL; IBM QRadar AQL).
  • Understanding of threat intelligence feeds and IOC integration.
  • Cybersecurity certifications such as CompTIA Security+, CEH, CISSP, or GIAC.
  • Strong analytical and problem-solving skills.
  • Excellent communication and documentation abilities.
  • Ability to work independently and collaborate in a team environment.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Position: SIEM Administrator / SIEM Platform Administration

Location: Remote

Duration: 6 months

Job Summary: The role of the SIEM Administrator involves the administration, upkeep, and optimization of the Security Information and Event Management (SIEM) platform. This position is key to ensuring effective integration of log sources, developing and fine-tuning detection rules, and aligning security operations with the MITRE ATT&CK framework to enhance the organization's threat detection and response capabilities. The ideal candidate is detail-oriented, technically proficient, and passionate about strengthening organizational security.

Key Responsibilities

a) SIEM Platform Administration
o Manage and maintain the Google Chronicle SIEM platform including system health, performance monitoring, and upgrades.
o Configure and optimize SIEM dashboards, reports, and alerts for operational efficiency.
o Perform regular backups, patch management, and capacity planning to ensure platform reliability.

b) Log Source Integration
o Onboard and integrate diverse log sources (e.g., firewalls, endpoints, cloud platforms, applications) into the SIEM platform.
o Validate log data quality, normalize event formats, and ensure consistent data ingestion.
o Troubleshoot and resolve issues related to log collection and parsing.


c) Rules Creation and Tuning
o Develop, test, and deploy correlation rules and use cases to detect potential security threats.
o Continuously tune existing rules to reduce false positives and improve detection accuracy.
o Collaborate with threat intelligence teams to incorporate emerging threat indicators into SIEM rules.


d) MITRE ATT&CK Framework Alignment
o Map SIEM use cases and detection rules to MITRE ATT&CK techniques and tactics.
o Identify coverage gaps and develop strategies to enhance detection capabilities aligned with MITRE ATT&CK.
o Maintain documentation of MITRE ATT&CK mappings for audits and reporting.
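The four responsibility areas above (log source integration, rule creation, rule tuning, and ATT&CK mapping) form one pipeline in practice. The following is an added example, not code from this posting or from Google Chronicle (whose rules are written in YARA-L and are not shown here): it normalizes two constructed log formats into a single schema, runs two ATT&CK-tagged detection rules over them, suppresses a tuned-out false positive through a documented allowlist, and reports which target techniques still have no rule. The sample log lines, hostnames, users, IP addresses, the allowlist exception, the brute-force threshold, and the target technique set are all constructed assumptions.

```python
"""Toy SIEM detection pipeline (added example, not Google Chronicle code).
Normalize -> detect (ATT&CK-tagged rules) -> tune (allowlist) -> coverage gaps."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines; hosts, users and IPs are made up.
RAW_LOGS = [
    'EventID=4688 Computer=WS01 SubjectUserName=jdoe NewProcessName=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="cmd.exe /c whoami" ParentProcessName=C:\\Windows\\explorer.exe',
    'EventID=4688 Computer=WS02 SubjectUserName=backup_svc NewProcessName=C:\\Windows\\System32\\whoami.exe '
    'CommandLine="whoami" ParentProcessName=C:\\backup\\agent.exe',
] + ['EventID=4625 Computer=DC01 TargetUserName=admin IpAddress=10.0.0.5 Status=0xC000006D'] * 5 + [
    'Oct  3 10:01:22 web01 sshd[1234]: Failed password for root from 203.0.113.9 port 4321 ssh2',
    'Oct  3 10:01:25 web01 sshd[1234]: Failed password for root from 203.0.113.9 port 4322 ssh2',
    'Oct  3 10:02:00 web01 sshd[1300]: Accepted publickey for deploy from 198.51.100.7 port 5000 ssh2',
]

@dataclass
class Event:
    """Common schema every source is normalized into before any rule runs."""
    source: str
    host: str
    action: str          # process_launch | auth_failure | auth_success
    user: str = ''
    process: str = ''    # executable basename, lowercased
    parent: str = ''
    cmdline: str = ''
    src_ip: str = ''

WIN_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
SSH_FAIL = re.compile(r'^\S+\s+\d+\s+[\d:]+\s+(\S+)\s+sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)')
SSH_OK = re.compile(r'^\S+\s+\d+\s+[\d:]+\s+(\S+)\s+sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)')

def basename(path):
    return re.split(r'[\\/]', path)[-1].lower()

def parse_line(line):
    """Return a normalized Event, or None when no parser claims the line."""
    if line.startswith('EventID='):
        f = {k: v.strip('"') for k, v in WIN_KV.findall(line)}
        if f.get('EventID') == '4688':
            return Event('windows', f.get('Computer', ''), 'process_launch',
                         user=f.get('SubjectUserName', ''), process=basename(f.get('NewProcessName', '')),
                         parent=basename(f.get('ParentProcessName', '')), cmdline=f.get('CommandLine', ''))
        if f.get('EventID') == '4625':
            return Event('windows', f.get('Computer', ''), 'auth_failure',
                         user=f.get('TargetUserName', ''), src_ip=f.get('IpAddress', ''))
    m = SSH_FAIL.match(line)
    if m:
        return Event('linux', m.group(1), 'auth_failure', user=m.group(2), src_ip=m.group(3))
    m = SSH_OK.match(line)
    if m:
        return Event('linux', m.group(1), 'auth_success', user=m.group(2), src_ip=m.group(3))
    return None

def normalize(lines):
    return [e for e in map(parse_line, lines) if e is not None]

@dataclass
class Rule:
    rule_id: str
    name: str
    technique: str       # MITRE ATT&CK technique ID the rule is mapped to
    tactic: str
    evaluate: object     # callable: list[Event] -> list[Event] that fired

def whoami_discovery(events):
    return [e for e in events if e.action == 'process_launch'
            and ('whoami' in e.process or 'whoami' in e.cmdline.lower())]

BRUTE_FORCE_THRESHOLD = 5   # constructed threshold; real rules also bound the time window

def auth_brute_force(events):
    """Threshold rule: >= N failures for the same (source IP, target user)."""
    groups = defaultdict(list)
    for e in events:
        if e.action == 'auth_failure':
            groups[(e.src_ip, e.user)].append(e)
    return [e for g in groups.values() if len(g) >= BRUTE_FORCE_THRESHOLD for e in g]

RULES = [
    Rule('R001', 'whoami executed', 'T1033', 'Discovery', whoami_discovery),
    Rule('R002', 'Authentication brute force', 'T1110', 'Credential Access', auth_brute_force),
]
# Tuning: documented exceptions that suppress known-benign matches, per rule.
ALLOWLIST = {'R001': lambda e: e.user == 'backup_svc' and e.parent == 'agent.exe'}
# Techniques the detection program has committed to cover (constructed target set).
TARGET_TECHNIQUES = {'T1033', 'T1110', 'T1059', 'T1078'}

def run_rules(events, rules, allowlist):
    out = {}
    for r in rules:
        hits = r.evaluate(events)
        keep = allowlist.get(r.rule_id, lambda e: False)
        out[r.rule_id] = {'fired': [e for e in hits if not keep(e)],
                          'suppressed': [e for e in hits if keep(e)]}
    return out

def coverage_report(rules, targets):
    """Return (covered techniques, uncovered target techniques)."""
    covered = {r.technique for r in rules} & targets
    return covered, targets - covered

if __name__ == '__main__':
    evs = normalize(RAW_LOGS)
    for rid, res in run_rules(evs, RULES, ALLOWLIST).items():
        print(rid, 'fired:', len(res['fired']), 'suppressed:', len(res['suppressed']))
    covered, gaps = coverage_report(RULES, TARGET_TECHNIQUES)
    print('covered:', sorted(covered), 'gaps:', sorted(gaps))
```

Run as written, R001 fires once (the interactive cmd.exe /c whoami on WS01) and suppresses the scheduled backup agent's whoami, R002 fires on the five failed admin logons from 10.0.0.5 but not on the two SSH failures below the threshold, and the coverage report names T1059 and T1078 as techniques with no rule. The allowlist entry and the technique tag on each rule are what make the tuning decision and the ATT&CK mapping auditable rather than implicit.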

Qualifications

a) Experience
o 5+ years of experience in SIEM administration or a similar cybersecurity role.
o Hands-on experience with SIEM platforms, primarily Google Chronicle.
o Knowledge of Microsoft Sentinel, Splunk, IBM QRadar, Elastic SIEM, or ArcSight is an added advantage.
o Proven experience integrating log sources and developing correlation rules.
o Familiarity with processes and tools such as enterprise firewalls, network intrusion detection/prevention, virtual private networking, application allowlisting, and data loss prevention.
o Familiarity with the security concepts of log analysis, monitoring, and system/network auditing, or experience working in a security operations center.
o Familiarity with the MITRE ATT&CK framework and its application in threat detection.


b) Technical Skills
o Proficiency in log management, event correlation, and data normalization techniques.
o Knowledge of network protocols, operating systems (Windows/Linux), and cloud environments (AWS, Azure, Google Cloud Platform).
o Scripting skills (e.g., Python, PowerShell, Bash) for automation and custom parsing.
o Query skills (e.g., MS Sentinel KQL; Splunk SPL; IBM QRadar AQL).
o Understanding of threat intelligence feeds and IOC integration.
o Cybersecurity certifications such as CompTIA Security+, CEH, CISSP, or GIAC.


c) Soft Skills:
o Strong analytical and problem-solving skills.
o Excellent communication and documentation abilities.
o Ability to work independently and collaborate in a team environment.