SIEM Consultant

Ensign is hiring

Key Responsibilities

SIEM Architecture and Design:

• Design the SIEM architecture to align with the overall SOC design and organizational security requirements.
• Develop detailed technical plans for integrating the SIEM with existing IT and security infrastructures.

Implementation and Deployment:

• Deploy and configure the SIEM solution in an on-premise environment, ensuring compatibility with the organization's IT landscape.
• Establish and configure log ingestion pipelines from critical sources such as servers, endpoints, applications, firewalls, and cloud environments.

Optimization:

• Fine-tune the SIEM solution to improve performance, reliability, and scalability.
• Develop and implement use cases, correlation rules, dashboards, and reports tailored to the organization's needs.
• Optimize data ingestion and storage for cost efficiency and performance.

Operationalization:

• Create operational procedures and workflows for managing the SIEM, including alerting, reporting, and maintenance tasks.
• Collaborate with SOC analysts to ensure effective use of the SIEM in day-to-day operations.

Stakeholder Collaboration:

• Work closely with SOC architects, security analysts, and other stakeholders to ensure the SIEM integrates seamlessly with other SOC technologies.
• Engage with technical and business stakeholders to align SIEM capabilities with organizational goals.

Documentation and Training:

• Develop comprehensive documentation for the SIEM solution, including architecture diagrams, configuration guides, and operational manuals.
• Provide training to SOC staff on SIEM operations, including custom use cases and workflows.

Education:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Experience:
• Minimum 5–7 years of hands-on experience with SIEM solutions (e.g., Splunk, QRadar or others).
• Proven experience in designing and deploying on-premise SIEM solutions.
• Experience in SOC environments and integrating SIEM with other SOC tools like SOAR, EDR, and threat intelligence platforms.

Skills:

• Strong knowledge of log management, data normalization, and the Common Information Model (CIM).
• Proficiency in designing SIEM use cases and writing correlation rules.
• Familiarity with threat detection methodologies and frameworks such as MITRE ATT&CK.
• Excellent troubleshooting and problem-solving skills.
• Strong communication and documentation skills.
• Certifications (Preferred):
• Relevant vendor certifications (e.g., Splunk Certified Architect, IBM QRadar Certified Specialist).
• Security certifications such as CISSP, CISM, or GIAC certifications (e.g., GCIA, GCIH)."