SIEM Analyst And Administrator

One of our clients is seeking an experienced and detail-oriented SIEM Analyst & Administrator to manage, optimize, and monitor enterprise SIEM environments, with a strong focus on LogRhythm SIEM solutions. This role requires an advanced-level candidate with strong hands-on SIEM and SOC experience.

Key Responsibilities

SIEM Administration & Management

• Manage and administer LogRhythm SIEM infrastructure and related components.
• Fine-tune SIEM use cases to reduce false positives and eliminate false negatives.
• Ensure overall health, performance, and availability of the SIEM platform and log sources.
• Troubleshoot SIEM platform, collectors, parsing, and log ingestion issues.
• Perform continuous maintenance, optimization, and upgrades of SIEM infrastructure.
• Create and maintain SIEM dashboards, reports, active channels, and correlation rules.

Log Source Integration & Monitoring

• Integrate and onboard various log sources including: Windows Servers, Linux Servers, Network Devices, Databases, Security Appliances, Cloud Platforms.
• Monitor security logs and correlated events from multiple environments.
• Develop and enhance SIEM use cases and detection logic based on emerging threats.
• Create custom alerts, filters, and real-time monitoring rules.

Security Operations & Incident Response

• Investigate, analyze, and respond to SIEM alarms and security incidents.
• Identify, categorize, prioritize, and triage security events according to SOPs and SLAs.
• Perform root cause analysis to determine incident severity, impact, and remediation actions.
• Document investigation findings and provide detailed incident analysis reports.
• Escalate incidents and coordinate with relevant teams when required.
• Support incident containment, remediation, and recovery activities.

Threat Detection & Vulnerability Management

• Detect potential threats, anomalies, and malicious activity across enterprise environments.
• Utilize frameworks such as MITRE ATT&CK to map threats and attack techniques.
• Conduct vulnerability assessments based on infrastructure scan findings.
• Provide mitigation recommendations and track remediation activities.
• Coordinate vulnerability notifications and follow-ups with internal teams.
• Generate vulnerability assessment and risk reports for management.

Reporting & Documentation

• Generate weekly and monthly SIEM operational and security reports.
• Maintain incident response documentation, SOPs, and knowledge base articles.
• Support continuous improvement of incident response plans and SOC procedures.
• Develop dashboards and executive-level security reporting metrics.

SOC Operations

• Operate within an 8x5 Security Operations Center (SOC) environment.
• Support extended working hours during major incidents or operational requirements.
• Collaborate with cross-functional teams to improve security posture and operational efficiency.

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
• Minimum 5+ years of hands-on experience in LogRhythm SIEM administration and management.
• Minimum 5+ years of experience as a SOC Analyst using SIEM platforms.
• Strong experience in: security incident detection and response, malware analysis, log analysis and event correlation, vulnerability management, threat hunting and monitoring.
• Deep understanding of cybersecurity attack frameworks and methodologies including MITRE ATT&CK.
• Experience developing SOPs, incident response plans, and operational workflows.
• Strong troubleshooting and analytical problem-solving skills.
• Excellent communication and documentation abilities.

Preferred Skills

• Experience with enterprise SOC environments and security monitoring operations.
• Familiarity with Windows, Linux, network security, and cloud environments.
• Knowledge of security frameworks and compliance standards.
• Experience with threat intelligence integration and advanced threat detection.
• Relevant cybersecurity certifications are an advantage, such as: CEH, CompTIA Security+, CySA+, GCIA, GCIH, LogRhythm Certifications.

Key Competencies

• Incident Investigation & Response
• SIEM Engineering & Administration
• Security Monitoring & Threat Detection
• Vulnerability Assessment & Risk Mitigation
• Cybersecurity Operations
• Analytical Thinking & Problem Solving
• Documentation & Reporting
• Team Collaboration & Communication

Why Join?

• Opportunity to work in a dynamic enterprise-scale cybersecurity environment.
• Exposure to advanced SIEM technologies and security operations.
• Collaborative team culture with opportunities for professional development and certifications.
• Hands-on involvement in strengthening enterprise cyber defense capabilities.