Job Description
Job Description
Job Description
Position Summary
The SIEM Engineer is responsible for designing, implementing, tuning, and maintaining Security Information and Event Management (SIEM) systems across both regulated (FISMA High, FedRAMP) and commercial client environments. This role ensures comprehensive log visibility, threat detection fidelity, and compliance-aligned telemetry, forming a central pillar in the MSSP's security monitoring architecture.
Key ResponsibilitiesPlatform Architecture & Deployment
- Design and deploy SIEM instances (e.g., LogRhythm for regulated, Elastic Stack for commercial clients) across cloud and on-premise environments.
- Build scalable log ingestion pipelines leveraging FIPS 140-3 validated cryptographic modules when required.
- Engineer multi-tenant configurations with strict client isolation controls.
Log Integration & Normalization
- Onboard log sources from firewalls, servers, endpoints, and SaaS platforms.
- Normalize and parse logs to ensure consistency, searchability, and structured alerting.
- Maintain and document the log source catalog and retention policies.
Use Case Development & Tuning
- Collaborate with analysts and threat intelligence teams to build and optimize detection rules.
- Tune alert thresholds to minimize false positives while maintaining sensitivity.
- Conduct rule audits and implement playbook-driven updates.
Automation & Optimization
- Integrate SIEM with SOAR platforms for automated incident response.
- Develop or enhance detection and response workflows using scripting or playbook engines.
- Benchmark performance and optimize query performance.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
- 3–5 years of experience in SIEM engineering or log management roles.
- Experience with LogRhythm, Elastic Stack, Splunk, or comparable platforms.
- Familiarity with regulatory control frameworks (e.g., NIST 800-53, FedRAMP, PCI-DSS).
- Strong knowledge of log formats (e.g., Syslog, JSON, Windows Event Logs).
- Proficiency in scripting (e.g., Python, PowerShell, Regex) for parsing and automation.
Additional Requirements
- Experience in a multi-tenant MSSP or SOC environment.
- Certifications: LogRhythm Certified Professional, Elastic Certified Engineer, GCIA, or equivalent.
- Familiarity with SOAR platforms (e.g., Swimlane, Palo Alto XSOAR).
- U.S. Citizen with the ability to obtain or maintain a security clearance.
Job Tags