L2 SIEM Engineer at Liquid Intelligent Technologies

Role Requirements 

• Maintains the integrity and security of servers and systems.
• Sets up administrator and service accounts.
• Maintain system documentation and standard operating procedures.
• Makes recommendations to purchase hardware and software, coordinates installation and provides backup recovery.
• Develops and monitors policies and standards for allocation of SIEM resources.
• Provides advice and training to end-users.
• Provides guidance and work leadership to less-experienced staff members and may have supervisory responsibilities.
• Maintains current knowledge of relevant technologies as assigned.
• Participates in special projects as required.
• Deploy new SIEM logging, playbooks, device connectors as required to collect data feeds.
• Provide capability to analyse SIEM output and interpret reports. 
• Integration of data feeds (logs) into SIEM.
• Perform content development to properly identify data feeding to the SIEM. 
• Develop filters to assist in the identification of significant events.
• Develop reports (manual and automated) to support the development, collection, and reporting of quality assurance and performance metrics (as defined by the client) .
• Develop dashboards/reports for external customers for system monitoring. 
• Provide ad-hoc training to analysts focusing on specific client missions, including generic SIEM training sessions and Custom Use Case training sessions.
• Provide recommendations and implement changes to optimize SIEM products in the customer environment. 
• Support the client in fact finding or case supporting tasks as it relates to SIEM. 
• Evaluate relative SIEM product advancements and provide recommendations to the customer.
• Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
• Provides technical support in the monitoring of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools. 
• Develops implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
• Able to implement an Azure Sentinel SIEM solution end to end with the ability to leverage cost efficiencies from the Azure stack.

Qualifications & Education Requirements 

• Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications.
• One or more of these industry Cybersecurity Certifications: CISM, CEH, OSCP, CompTiA Security Plus, as well any SIEM related qualification. The Microsoft AZ500 and SC200 qualifications will be highly advantageous.
• Strong analytical and organizational skills.
• Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
• Experience with securing various environments preferred.
• Experience in working across security technologies.
• Managed security services experience across complex architectures.
• In depth understanding of the role of incident analysis tools.
• In depth understanding of various types of log analysis.
• Prior experience to advise, plan, deploy, configure, manage and monitor large scale and complex cyber defence and IT risk management and information or cybersecurity solutions  

Experience Required 

• Minimum of four (4) years of work experience and two (2) years of relevant experience in SIEM engineering in a Security Operations Center [SOC] 
• Two years’ experience implementing Azure Sentinel SIEM solutions.