Senior Associate-SIEM Implementation Engineer

About The Position

Requirements

• Hands-on experience with Microsoft Sentinel, Google SecOps, Palo Alto XSIAM, Devo, and Splunk.
• Strong understanding of SIEM architecture, implementation, integration, log management, and threat detection methodologies.
• Experience in developing and tuning security use cases and alerts.
• Proficiency in scripting languages such as Python, PowerShell, and Bash for automation and data processing.
• Experience with cloud platforms including Azure, GCP, and AWS.
• Knowledge of data pipeline tools including Cribl for log routing, enrichment, and deduplication.
• Familiarity with REST APIs, JSON, and integration of third-party security tools.
• Experience with SOAR platforms and playbook development for incident response automation.
• Understanding of security concepts such as cyber-attacks, threat vectors, risk management, and incident management.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication, documentation, and client engagement skills.
• Experience deploying SIEM content through CI/CD practices using GitHub, including version control, peer review, change tracking, and structured promotion of content across environments.
• Experience managing security data pipelines and ingestion workflows, including data transformation, normalization, troubleshooting, and platforms or capabilities such as DataBahn.
• Strong understanding of AI concepts and tools, with the ability to apply them in security-oriented use cases such as detection improvement, threat analysis, automation support, and security operations optimization.
• Proficiency in Microsoft Office tools, especially Excel, Word, PowerPoint, Teams, and Outlook, with the ability to create polished client-facing documents, trackers, presentations, and meeting outputs.
• Bachelor's degree in computer science, Cybersecurity, or related field.
• Minimum 3 years of experience in SIEM implementation and security operations.
• Demonstrated ability to work collaboratively across teams and manage multiple client engagements.
• Commitment to continuous learning and adapting to evolving cybersecurity technologies.

Nice To Haves

• Preferred certifications: Microsoft Certified: Security Operations Analyst Associate, SC-200, AZ-500, Google Professional Cloud Security Engineer, CISSP, CISM, GIAC.
• Experience in a consulting, client delivery, or professional services environment is preferred.

Responsibilities

• Lead technical deliverables for SIEM implementation and operations including Microsoft Sentinel, Google SecOps, Palo Alto XSIAM, and Devo.
• Perform Proof of Concept (PoC) and Proof of Value (PoV) engagements to evaluate SIEM capabilities and demonstrate value to stakeholders.
• Conduct SIEM assessments to identify gaps, recommend improvements, and align with security best practices.
• Develop and maintain data pipelines for log ingestion, normalization, and enrichment across cloud and on-prem environments.
• Integrate log sources using connectors, custom scripts, and parsers to ensure complete visibility and compatibility with SIEM platforms.
• Build use cases aligned with NIST and MITRE ATT&CK frameworks to enable detection at various stages of a cyber-attack.
• Implement detection rules using SPL/KQL with complex correlation across different data sources.
• Develop dashboards, alerts, and workbooks for security monitoring and reporting.
• Implement SOAR workflows using Logic Apps, Phantom, Demisto, and XSOAR platforms.
• Perform health checks, tuning, and optimization of SIEM platforms to ensure high performance and accuracy.
• Create and maintain documentation including SOPs, runbooks, architecture diagrams, and onboarding guides.
• Collaborate with cross-functional teams including SOC, threat hunters, infrastructure, and cloud teams to support delivery and ensure quality standards.
• Lead technical deliverables for SIEM implementation and security operations engagements, including log source onboarding, parser development, SIEM content deployment through CI/CD pipelines using GitHub, detection use case implementation, and operational readiness activities.
• Develop and support custom integrations to SIEM platforms, especially Microsoft Sentinel and Google SecOps, including scripts, APIs, parsers, data transformation logic, and data pipeline management activities such as DataBahn.
• Apply AI capabilities in a security-focused manner to improve detection engineering, content optimization, operational efficiency, and analytical outcomes while maintaining strong security and governance awareness.

Benefits

• competitive compensation package
• inclusive benefits
• flexibility programs