SIEM Administrator

Hybrid

Blue Mantis

Blue Mantis is a leading systems integrator and cloud services company helping clients move toward software-defined, hyper-converged, and hybrid cloud infrastructure models to drive IT transformation.


Department: Blue Mantis

Employment Type: Full Time

Location: Hybrid


Description

The SIEM Administrator is a critical and essential member of our 24x7 Security Operations team, responsible for configuring SIEM integrations, developing and tuning detection models, and customizing dashboards and reports. The ideal candidate is a passionate technologist with a background in SIEM development and administration. The candidate should be familiar with common threat and attack methods and frameworks, such as MITRE ATT&CK®. The SIEM Administrator must be a strong collaborator, able to work with penetration testing consultants, security analysts, threat hunters, and intelligence analysts to develop and refine the SIEM detection models.

Key Responsibilities

  • Operates and maintains SIEM tools and components, such as log aggregators, forwarders, and data observability systems.
  • Develops, tests, implements, and tunes new threat detection models.
  • Develops content that enables cybersecurity personnel to take the maximum advantage of existing tool capabilities, including SOAR workflows, integrations, and automated tasks.
  • Collaborates across cybersecurity roles and teams to integrate SIEM components with cybersecurity enrichment and analysis platforms and systems management tools.
  • Creates and maintains architectural documentation and operational procedures that describe the scope, purpose, configuration, use and maintenance of the SIEM tools and environments.




Skills, Knowledge & Expertise

  • 3+ years of experience working with a SIEM solution.
  • Basic understanding of TCP/IP, DNS, DHCP, SMTP, FTP, and HTTP.
  • Knowledge of SQL queries, with hands-on experience of MySQL or another RDBMS.
  • Skill with scripting languages such as Python, Perl or Bash is a plus.
  • Be a positive team player.
  • Be a self-starter and take initiative.
  • Ability to perform research, read documentation, and independently learn new skills.


