Job Description

The SOC Engineer, SIEM, is a technical role focused on supporting the delivery of SIEM management services within the Security Operations Center (SOC). The SOC Engineer collaborates with other members of SOC Engineering, serving as a first point of contact for the resolution of common issues and queries from the analyst team or customers, with a specific focus on log source and SIEM health checks. Although not required to be an expert in any SIEM, this role requires some SIEM experience, certifications, and strong foundations that will contribute to progression into a senior engineer role. Reporting to the Senior SOC Engineering & Architecture Manager, this role is suited for a professional with over 2 years of experience in SOC operations.

Responsibilities:

  • Assist in delivering SIEM management services within the SOC.
  • Support the SIEM Engineering team in managing and resolving common SIEM issues.
  • Act as a first point of contact for queries and issues from the analyst team or customers, particularly relating to log source and SIEM health checks.
  • Assist in the onboarding of new log sources to the SIEM platform.
  • Participate in enhancing and optimizing telemetry within the Splunk environment.
  • Support regular system updates to maintain Splunk functionality and security.
  • Contribute to maintaining the performance of the Splunk/Sentinel SIEM according to established best practices.
  • Assist in continuous process improvements to increase SOC efficiency and effectiveness.
  • Provide regular reports on Splunk services and SOC operations as required.
  • Contribute to SOC architecture strategy and implementation initiatives related to Splunk.

Skills:

  • Knowledge of and experience with any SIEM, such as Splunk, QRadar, Sentinel, LogRhythm, or FortiSIEM, and other related technologies such as Cribl.
  • Understanding of cloud and network technologies, essential for efficient log source onboarding.
  • Experience in a complex, fast-paced SOC environment.
  • Ability to diagnose and troubleshoot log source issues related to cloud and network infrastructures.
  • Understanding of SOC operations, cybersecurity principles, and best practices.
  • Problem-solving skills and the ability to work under pressure.
  • Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
  • High proficiency in written and verbal communication.

Certifications:

  • Splunk Certified User or Splunk Certified Power User, preferred.
  • Other relevant SIEM certifications are advantageous.
  • Certifications in cloud or network technologies like AWS Certified Cloud Practitioner, Google Associate Cloud Engineer, Microsoft Certified: Azure Fundamentals, or CCNA would be beneficial.

Educational Experience:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • A minimum of 2 years of experience in SOC operations, with some experience in Splunk SIEM management.
  • Prior experience in a technical role within a SOC or similar cybersecurity environment.


Job Details

Role Level: Entry-Level
Work Type: Full-Time
Country: United Arab Emirates
City: Abu Dhabi
Company Website: https://cpx.net/
Job Function: Cybersecurity
Company Industry/Sector: Computer and Network Security

About the Company

At CPX, we go beyond addressing today’s security risks—we anticipate the challenges of tomorrow. We do this by cultivating a thriving cyber and physical security ecosystem. Founded in 2022, we are a leading provider of end-to-end cyber and physical security solutions and services. CPX, a G42 company, employs over 500 cyber specialists serving enterprises, governments, and critical infrastructure sectors in the UAE and beyond. With a strong focus on delivering transformative security across the AI ecosystem, CPX empowers organizations to assess risks, protect assets, and operate with unwavering confidence.
