Lead SIEM Engineer

Job Purpose

The Lead SOC Engineer, SIEM has a vital role in the SOC that encompasses technical leadership, SIEM architecture design, and pre-sales support. This position is responsible for overseeing the management and coordination of SIEM solutions, within the Security Operations Center (SOC). The SOC Principal Engineer will guide senior and junior engineers in day-to-day operations across multiple environments and customers, while also assisting in pre-sales estimations of SIEM licenses. Reporting to the Senior SOC Engineering & Architecture Manager, the SOC Principal Engineer, SIEM is a seasoned professional with over a decade of experience in SIEM operations.

Key Responsibilities:

• Lead the technical operations and management of SIEM tools including Splunk, Sentinel, LogRhythm, and FortiSIEM.
• Oversee the maintenance and functionality of the log collection layer, with a focus on tools like CRIBL.
• Ensure the health and functionality of SIEM systems through regular checks and maintenance activities.
• Oversee and manage SIEM licenses, including forecasting, tracking usage, and coordinating with sales for estimations and renewals.
• Optimize SIEM telemetry to ensure efficient and accurate data collection, correlation, and reporting.
• Develop and enforce logging standards across all customers, systems and platforms to maintain consistent and reliable log data
• Provide guidance and mentorship to SOC Engineers in managing and resolving issues related to SIEM services and log management.
• Participate in pre-sales activities to provide technical expertise and estimation for SIEM licenses and architectures.
• Collaborate with SOC Engineering & Architecture Manager to develop SIEM architecture strategies and implement initiatives.
• Assist in continuous process improvements to increase SOC efficiency and effectiveness.
• Provide regular and accurate reporting on SIEM services, SOC operations, and license management to relevant stakeholders.
  
  

Job Specifications

Skills/Certifications (Technical & Non-Technical)

• Extensive knowledge and hands-on experience with SIEM tools such as Splunk,
• Sentinel, LogRhythm, FortiSIEM, and log collection components like CRIBL.
• Proven technical leadership skills in a complex, fast-paced environment.
• Demonstrable pre-sales experience, particularly in estimating SIEM licenses.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.
• Exceptional problem-solving skills and the ability to make decisions under pressure.
• Excellent mentorship and team development capabilities.
• High proficiency in written and verbal communication.
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Splunk Certified Architect, LogRhythm Security Analyst, or similar SIEM certifications are a must.
• Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert.
• Networking certifications such as CCNA or CCNP are advantageous.
  
  

Minimum Work Experience

• A minimum of 10 years of experience including 6 years in SOC operations, with significant experience in Splunk SIEM management.
• Prior experience in a technical role within a SOC or similar cybersecurity environment.
  
  

Education

• Educational Experience:
• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• Prior leadership role experience within a SOC or similar cybersecurity environment.