Lead SOC Engineer (SIEM & SOAR)

The Lead Engineer – SOC (SIEM & SOAR) is responsible for delivering SIEM /SOAR management services, particularly focusing on Splunk SIEM and SOAR, within the Security Operations Center (SOC).

Requirements

• Deliver Splunk SIEM /SOAR management services within the SOC environment.
• Collaborate with the asset owner, client stakeholder, and SOC, in onboarding new log sources to the SIEM/SOAR platform.
• Maintain and govern SOC critical log sources, ensuring their proper functionality and integration with Splunk SIEM /SOAR.
• Detect log source issues, coordinate with customers to diagnose and resolve them in a timely manner.
• Enhance and optimize telemetry within the Splunk environment to improve data collection, correlation, and reporting.
• Perform regular system updates to ensure Splunk functionality and security are up to date.
• Resolve Splunk-related issues promptly and efficiently.
• Maintain the performance of the Splunk SIEM /SOAR according to established best practices.
• Design SOAR Playbooks to enhance automation and orchestration of incidents.
• Connect SOAR with SIEM, ticketing systems (e.g., ServiceNow), threat intelligence platforms, and endpoint tools.
• Participate in continuous process improvements to increase SOC efficiency and effectiveness.
• Provide regular and accurate reports on Splunk services and SOC operations to relevant stakeholders.
• Contribute to SOC architecture strategy and implementation initiatives related to Splunk.
• Assist in the mentorship and development of junior SOC engineers.

Benefits

• Competitive salary
• Benefits package
• Opportunities for professional growth and development