Lead SOC Engineer (SIEM & SOAR)

Overview

The Lead Engineer – SOC (SIEM & SOAR) is a critical role responsible for delivering SIEM /SOAR management services, particularly focusing on Splunk SIEM and SOAR, within the Security Operations Center (SOC). This role encompasses working closely with the SOC Internal and external teams to facilitate onboarding new log sources, enhancing and optimizing telemetry, ensuring system updates, resolving issues, and maintaining SIEM performance, automation and orchestration, designing playbooks according to best practices achieved through SOAR Solution.

Responsibilities

Key Responosibilities

• Deliver Splunk SIEM /SOAR management services within the SOC environment.
• Collaborate with the asset owner, client stakeholder, and SOC, in onboarding new log sources to the SIEM/SOAR platform.
• Maintain and govern SOC critical log sources, ensuring their proper functionality and integration with Splunk SIEM /SOAR.
• Detect log source issues, coordinate with customers to diagnose and resolve them in a timely manner.
• Enhance and optimize telemetry within the Splunk environment to improve data collection, correlation, and reporting.
• Perform regular system updates to ensure Splunk functionality and security are up to date.
• Resolve Splunk-related issues promptly and efficiently.
• Proficiency in field extractions, data normalization, and CIM (Common Information Model) compliance.
• Maintain the performance of the Splunk SIEM /SOAR according to established best practices.
• Design SOAR Playbooks to enhance automation and orchestration of incidents.
• Connect SOAR with SIEM, ticketing systems (e.g., ServiceNow), threat intelligence platforms, and endpoint tools.
• Experience with platforms like Splunk SOAR (Phantom), Forti SOAR, or Cortex XSOAR.
• Participate in continuous process improvements to increase SOC efficiency and effectiveness.
• Provide regular and accurate reports on Splunk services and SOC operations to relevant stakeholders.
• Contribute to SOC architecture strategy and implementation initiatives related to Splunk.
• Assist in the mentorship and development of junior SOC engineers.
  
  

Characteristics

• Profound knowledge and hands-on experience with Splunk SIEM/SOAR and other related technologies like CRIBL.
• Understanding of SOC workflows, MITRE ATT&CK framework, and threat detection methodologies.
• Ability to correlate data across multiple sources to identify patterns and anomalies.
• Strong understanding of cloud and network technologies, essential for efficient log source onboarding.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot log source issues related to cloud and network infrastructures.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.
• Excellent problem-solving skills and the ability to make decisions under pressure.
• Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
• High proficiency in written and verbal communication.
  
  

Qualifications

Skills/Certifications

• Splunk Certified Architect or Splunk Certified Administrator.
• Mastery of SPL (Search Processing Language) for complex queries, dashboards, and reports.
• Python scripting skills.
• Experience with platforms like Forti SOAR, Splunk SOAR (Phantom), Cortex XSOAR etc.
• Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert.
• Certified Information Systems Security Professional (CISSP), GIAC is preferred
• Networking certifications such as CCNA or CCNP are advantageous.
  
  

Minimum Work Experience

A minimum of 8 years of experience in SOC operations, with significant experience in Splunk SIEM management.

Prior experience in a technical role within a SOC or similar cybersecurity environment.

Education

Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.