SIEM Engineer Job Description
SIEM Engineer Duties & Responsibilities
To write an effective SIEM engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included SIEM engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
SIEM Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for SIEM Engineer
List any licenses or certifications required by the position: CISSP, CISA, CEH, NSA, HBSS, CCSE, GIAC, CISM, SIEM, SANS
Education for SIEM Engineer
Typically a job would require a certain level of education.
Employers hiring for the SIEM engineer job most commonly prefer candidates with a relevant degree, such as a Bachelor's or Master's Degree in Computer Science, Information Security, Education, Engineering, Information Technology, Cyber Security, Technical, Information Systems, Management, or Science
Skills for SIEM Engineer
Desired skills for SIEM engineer include:
Desired experience for SIEM engineer includes:
SIEM Engineer Examples
SIEM Engineer Job Description
- Designing, maintaining and troubleshooting the SIEM environment
- Implement changes of SIEM infrastructure
- Create, maintain and consult security monitoring measures
- Building SIEM infrastructure for new customers
- Building SIEM infrastructure for new customers during onboarding projects
- Creation of high level and low level design of SIEM infrastructure
- Arrangements of connectivity/storage/equipment for purposes of SIEM projects
- Implementing security monitoring rules in a SIEM tooling, according to the business needs
- Reporting progress of above tasks to Project Managers
- Facilitation of AlienVault Change Requests (upgrades, break fixes, ...)
- At least 6 months' experience in a Managed SIEM service within a large MSSP environment
- Experience with industry recognized SIEM solutions such as ArcSight, Splunk, LogRhythm, AlienVault
- Relevant IT certifications such as CCNA, CCNP, JNCIA
- Minimum of ten years managing/utilizing a SIEM solution
- Extensive experience from design and implementation of the latest SIEM tools, ideally Splunk or ArcSight
- Excellent knowledge of Threat & Vulnerability management tools (subject matter expertise in other SIEM tools such as QRadar, McAfee, RSA)
SIEM Engineer Job Description
- Security specialist certifications
- SIEM certifications (ArcSight, Trustwave, Q1Labs, etc.)
- Detect, analyze and remove malicious network traffic, identify and contain threats
- Set up and customize SIEM and DLP tools
- Review suspicious patterns and signatures and write custom ones to detect malware
- Perform network security scans, identify weaknesses and remediate vulnerabilities
- Perform forensics on systems and laptops ensuring appropriate chain of custody
- Strong understanding of SIEMs, IDS, IPS, DLP and associated technologies
- Hardening Linux and Windows, experience in shell scripting
- Web applications and associated attack vectors
- At least 6 months' experience in QRadar SIEM 7.x
- Commercial experience on at least two prior SIEM engagements (full life-cycle) is essential
- Strong experience in developing dashboards would be highly desirable
- Exposure to Financial Services industry, ideally working in an end user environment
- Excellent knowledge of relevant information security compliance guidelines
- Relevant security (& vendor) accreditations, highly desirable
SIEM Engineer Job Description
- Static and dynamic analysis of malware / reverse engineering is a plus
- Form strong business relationships with the customer at various levels throughout the organization
- Be available 24x7 for the customer
- Troubleshoot and provide accurate and timely resolution to customer issues
- Serve as a customer advocate within Micro Focus by facilitating escalation of issues through appropriate internal organizations
- Proactively identify issues by becoming familiar with the customer's technical and business environment, and provide recommendations for their resolution
- Prevent customer issues by reviewing their Micro Focus environment regularly, reporting and correcting issues per customer requirements
- Share knowledge by writing technical documents and proactively sending helpful technical information to the customer (upcoming patches, technical news)
- Deliver technical presentations and/or training to diverse audiences
- Assist in the implementation of Micro Focus products/solutions in line with specific Consulting engagements
- Able to normalize disparate logs from different systems in multiple formats to paint a cohesive picture of events occurring within the environment
- Knowledge of security controls and best practices including ISO 27001
- BSc of Computer Science or Engineering preferred
- Industry Certifications (CCNA, CISSP or similar) preferred
- 2 years or more of experience in IT Security
- 1 year or more of experience with supported technology (Q1 QRadar and/or ArcSight)
SIEM Engineer Job Description
- Responsible for the creation of procedures, implementation of processes and development of staff for managing and maintaining security systems across internal and client environments
- Participation in projects and project management as requested by customer or Micro Focus
- Design and generate data parsers as necessary to optimize ingestion of data from a wide variety of devices including servers, firewalls, IDS/IPS, VA appliances
- Facilitation of ArcSight Change Requests (upgrades, break fixes, ...)
- Perform discovery and standards reviews of target environments
- Analyze environments and provide recommendations based upon industry standards
- Review, Design, and Architect SIEM solutions for customers
- Test and improve SIEM use cases
- Interface with industry groups and present at associated conferences
- Provide input and guidance on service development
- Extensive experience in the design, implementation, and enhancement of an enterprise level SIEM platform
- Significant experience with enterprise Windows and Linux based architectures and security design
- Knowledge and demonstrable experience of Security Information and Event Management (SIEM) systems (Sentinel, Intel, QRadar, RSA, Splunk or other)
- Ability to perform basic scripting tasks with Splunk to automate repeatable processes using Python, PowerShell, Perl
- Splunk Certified Knowledge Manager, Splunk Certified Admin Certifications
- Competent with command line operating systems including UNIX and Linux
SIEM Engineer Job Description
- Act as thought leader to junior team members
- Develop advanced SIEM correlation rules, reports and dashboards to detect emerging threats
- Manage, develop and tune the scripts that integrate with the SIEM
- Monitor the impact of deploying new content to the health and performance of the SIEM
- Develop advanced reports to meet the requirements of key stakeholders
- Develop scalable security management tools and processes
- Engineer, configure and deploy Enterprise SIEM/SEM solutions
- Collaborate with application owners to define and establish logging standards to address various governance requirements
- Maintain enterprise Cyber Security Engineering requirements for SIEM including new and existing products
- Apply Cyber Security Engineering and Network Security Engineering expertise to optimize enterprise protection posture
- Ability to provide periodic Status Updates and Technical Presentations
- Experience with SIEM products, like QRadar, Splunk, ArcSight, McAfee ESM, LogRhythm
- Experience with log analysis from various formats
- Experience with custom SIEM definitions, rules, reports, and integrating logs from multiple security devices
- Experience working in Government environment is a plus
- University degree (Engineering or Science degree)