Senior Data Protection Engineer (REMOTE)

About The Position

Requirements

• Minimum 5 years of hands‑on experience administering, managing, and maintaining: An on‑premise SIEM security solution, and An on‑premise IDS/IPS security solution
• Demonstrated experience ensuring high availability, governance alignment, and operational effectiveness of security monitoring technologies.
• Strong understanding of SIEM architecture, log ingestion pipelines, correlation logic, and event normalization.
• Expertise with IDS/IPS technologies, signature tuning, network traffic analysis, and threat detection methodologies.
• Proficiency with security log formats (syslog, JSON, CEF, LEEF, etc.).
• Familiarity with network protocols, firewall rules, and enterprise network architecture.
• Experience with Linux/Windows server administration as it relates to security tooling.
• Ability to analyze security events, identify patterns, and support incident response.
• Strong analytical and problem-solving abilities.
• Excellent communication skills for cross-team collaboration.
• Ability to work independently in a remote environment while managing multiple priorities.
• Detail-oriented mindset with a commitment to governance, documentation, and operational discipline.

Nice To Haves

• Industry certifications such as: GIAC (GCIA, GCDA, GCED, GMON), CompTIA Security+ / CySA+, CISSP or equivalent
• Experience with automation (Python, PowerShell, or similar).
• Familiarity with threat intelligence platforms and frameworks (MITRE ATT&CK, NIST CSF).

Responsibilities

• Manage, maintain, and optimize the on‑premise SIEM platform, including log ingestion, parsing, correlation rules, dashboards, and alerting.
• Ensure SIEM availability, performance, and scalability to support enterprise security monitoring needs.
• Develop and tune detection rules, correlation logic, and use cases aligned with threat intelligence and organizational risk.
• Oversee log source onboarding, configuration, and validation across servers, applications, network devices, and security tools.
• Conduct regular SIEM health checks, capacity planning, and lifecycle management.
• Administer and maintain on‑premise IDS/IPS platforms, ensuring accurate detection and prevention of malicious activity.
• Tune signatures, policies, and rulesets to reduce false positives while maintaining strong detection coverage.
• Monitor IDS/IPS performance, availability, and event trends to identify anomalies or operational issues.
• Coordinate with network and security teams to implement policy updates, rule changes, and architectural improvements.
• Ensure both SIEM and IDS/IPS solutions are aligned with security governance frameworks, compliance requirements, and organizational policies.
• Maintain documentation for system configurations, processes, runbooks, and governance controls.
• Support audit activities by providing evidence, reports, and system configuration details.
• Participate in incident response activities by providing SIEM/IDS/IPS insights, event analysis, and technical expertise.
• Evaluate emerging threats and recommend enhancements to detection logic and monitoring capabilities.
• Collaborate with architecture and leadership teams to align SIEM and IDS/IPS strategies with long‑term security objectives.
• Identify opportunities to automate processes, improve detection fidelity, and enhance operational efficiency.