All Jobs Vacancy

SIEM Engineer - Cortex XSIAM

Posted 4 days ago by kjohn@samrusystems.com

Summary: As a SIEM Engineer for Cortex XSIAM, you will play a critical role in assisting customers with log migration and detection strategies. Your responsibilities will include onboarding log sources, implementing correlation rules, and optimizing log source performance to enhance security measures. Collaboration with technical leads and internal teams is essential to ensure effective product adoption and customer protection against threats. This position requires a strong background in SIEM technologies and a proactive approach to improving detection strategies.

Key Responsibilities:

  • Work with technical lead to develop log ingestion strategy
  • Contribute to detection strategy based on industry best practices
  • Detail step by step process to ingest high quality log sources
  • Perform log source monitoring and optimization
  • Create high quality correlation rules
  • Tune log sources and correlation rules
  • Be an SME for SIEM, Correlation and Log Source Ingestion
  • Recognize opportunities where automation can improve analyst alert handling
  • Collaborate with internal and external teams to ensure product adoption
  • Create technical documentation detailing SIEM aspects of the engagement
  • Travel to customer meetings and workshops as needed (10%)

Key Skills:

  • 6+ years of deploying and integrating SIEM to enterprise to large enterprise-level
  • Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM platforms
  • The ability to create and develop correlation and detection rules within a SIEM to support alerting capabilities
  • Experience working with and deploying a variety of SIEM technologies (i.e Splunk, IBM QRadar)
  • A proven ability to offer suggestions on detection strategy based on customer requirements
  • Strong Regular Expression skills
  • Ability to understand logs, locating and understanding 3rd party documentation where needed
  • Familiarity with reports on the status of the SIEM to include metrics on items such as number of logging sources - log collection rate, and other performance metrics
  • Knowledge of Security Analysis & Response a plus, including both endpoint, network & cloud based environments
  • 4 years experience with Security Operation Centers tooling and processes
  • Relevant bachelor's degree or industry recognized qualifications (CISSP, GIAC, SIEM Vendor Qualification etc)
  • Ability to create, read, and understand technical design documentation

Salary (Rate): £40 yearly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Experience: 6 to 10 Years

Visa: Any Visa (OPT also works)

Job Description:

As a SIEM Engineer for Cortex XSIAM, you will be responsible for assisting with the log migration and detection strategy of our customers. You will work closely with the technical lead to ensure that all of the relevant log sources are onboarded and ingested into XSIAM in accordance with industry best practices and customer requirements. You will then work to determine a suitable detection strategy, helping to protect customers from threats, by designing and implementing correlation rules.

Your Impact

Work with technical lead to develop log ingestion strategy

Contribute to detection strategy based on industry best practices

Detail step by step process to ingest high quality log sources

Perform log source monitoring and optimization

Create high quality correlation rules

Tune log sources and correlation rules

Be an SME for SIEM, Correlation and Log Source Ingestion

Recognize opportunities where automation can improve analyst alert handling

Collaborate with internal and external teams to ensure product adoption

Create technical documentation detailing SIEM aspects of the engagement

Travel to customer meetings and workshops as needed (10%)

Experience & Skills:

6+ years of deploying and integrating (SIEM) to enterprise to large enterprise-level

Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using (SIEM) platforms

The ability to create and develop correlation and detection rules, within a (SIEM) to support alerting capabilities

Experience working with and deploying a variety of SIEM technologies (i.e Splunk, IBM QRadar)

A proven ability to offer suggestions on detection strategy based on customer requirements

Strong Regular Expression skills

Ability to understand logs, locating and understanding 3rd party documentation where needed

Familiarity with reports on the status of the SIEM to include metrics on items such as number of logging sources - log collection rate, and other performance metrics

Knowledge of Security Analysis & Response a plus, including both endpoint, network & cloud based environments

4 years experience with Security Operation Centers tooling and processes

Relevant bachelor''s degree or industry recognized qualifications (CISSP, GIAC, SIEM Vendor Qualification etc)

Ability to create, read, and understand technical design documentation

Rate:
£0/year
Location:
Remote
IR35 Status:
Undetermined
Remote Status:
Remote
Industry:
IT
Seniority Level:
Not Specified

Take-Home Pay

Not Available

Visit calculators for additional details

Create a free account to view the take-home pay for this contract

Share job