Lead SOC Engineer (SIEM)

Job Purpose

The SOC Senior Engineer, Splunk, is a critical role responsible for delivering SIEM /SOAR management services, particularly focusing on Splunk, within the Security Operations Center (SOC). Working closely with the SOC Principal Engineer, SIEM, this role encompasses onboarding new log sources, enhancing and optimizing telemetry, ensuring system updates, resolving issues, and maintaining SIEM performance according to best practices. Reporting to the Senior SOC Engineering & Architecture Manager, the SOC Senior Engineer, Splunk, is a professional with a solid foundation in SOC operations.

Job Responsibilities

Key Focus Areas

Key Activities

Key Responsibilities:

• Deliver Splunk SIEM /SOAR management services within the SOC environment.
• Collaborate with the SOC Principal Engineer, SIEM, in onboarding new log sources to the SIEM/SOAR platform.
• Maintain and govern SOC critical log sources, ensuring their proper functionality and integration with Splunk SIEM /SOAR.
• Detect log source issues, coordinate with customers to diagnose and resolve them in a timely manner.
• Enhance and optimize telemetry within the Splunk environment to improve data collection, correlation, and reporting.
• Perform regular system updates to ensure Splunk functionality and security are up to date.
• Resolve Splunk-related issues promptly and efficiently.
• Maintain the performance of the Splunk SIEM /SOAR according to established best practices.
• Participate in continuous process improvements to increase SOC efficiency and effectiveness.
• Provide regular and accurate reports on Splunk services and SOC operations to relevant stakeholders.
• Contribute to SOC architecture strategy and implementation initiatives related to Splunk.
• Assist in the mentorship and development of junior SOC engineers.
  
  

Characteristics:

• Profound knowledge and hands-on experience with Splunk SIEM/SOAR and other related technologies like CRIBL.
• Strong understanding of cloud and network technologies, essential for efficient log source onboarding.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot log source issues related to cloud and network infrastructures.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.
• Excellent problem-solving skills and the ability to make decisions under pressure.
• Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
• High proficiency in written and verbal communication
  
  

Job Specifications

Skills/Certifications (Technical & Non-Technical)

• Certified Information Systems Security Professional (CISSP), preferred.
• Certified Information Security Manager (CISM), preferred.
• Splunk Certified Architect or Splunk Certified Administrator.
• Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert.
• Networking certifications such as CCNA or CCNP are advantageous.
  
  

Minimum Work Experience

• A minimum of 6 years of experience in SOC operations, with significant experience in Splunk SIEM management.
• Prior experience in a technical role within a SOC or similar cybersecurity environment.
  
  

Education

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.