Nava Technology for Business


São Paulo - SP, Brasil


Cybersecurity Specialist (SIEM)

Hybrid

Barueri - SP

Salary Range

Not informed

Experience Level

Senior


We are looking for a SIEM Engineer Specialist to act as the technical reference for the deployment, support, evolution, and optimization of security monitoring platforms.

This professional will be responsible for the end-to-end engineering of the SIEM ecosystem, ensuring the correct ingestion, processing, correlation, and analysis of security events from on-premises, cloud, and hybrid environments.

We are looking for a highly technical, hands-on, and results-oriented profile with practical experience in IBM QRadar, Microsoft Sentinel, and Splunk, capable of designing scalable architectures, developing advanced use cases, and supporting the SOC operation in the continuous evolution of its detection capabilities.


Challenges and Responsibilities:

SIEM Architecture and Engineering
  • Design, implement, and administer corporate SIEM environments;
  • Define the architecture for log collection, retention, and processing;
  • Plan capacity, performance, and scalability expansion;
  • Implement security, availability, and resilience best practices for the platform;
  • Drive the technological evolution of the QRadar, Splunk, and Microsoft Sentinel environments.

Log Source Integration
  • Onboard new data sources;
  • Implement connectors, agents, APIs, and custom integrations;
  • Develop and adjust parsers, DSMs (QRadar Device Support Modules), Data Connectors, and Data Collection Rules (DCRs);
  • Ensure the quality, integrity, and completeness of ingested events;
  • Perform advanced troubleshooting of log ingestion.

AI Applied to SOC Operations
  • Design and implement AI solutions applied to SOC operations;
  • Develop automatic triage mechanisms (alert triage) to reduce the N1 (Tier 1) operational load;
  • Implement automatic enrichment workflows using generative AI, CTI, and external sources;
  • Develop and maintain AI agents that support alert investigation;
  • Automate the classification, prioritization, and routing of security events;
  • Implement advanced correlation mechanisms using machine learning and AI;
  • Continuously evaluate automation opportunities to reduce MTTR, MTTD, and false-positive volume;
  • Integrate SIEM, SOAR, XDR, CTI, and AI platforms into automated investigation flows;
  • Participate in building AI-oriented SOCs (AI-assisted SOC and autonomous SOC).

Parsing, Normalization, and Modeling
  • Build and maintain parsing and normalization processes;
  • Map events to security data models;
  • Develop taxonomies, categorizations, and event enrichment;
  • Ensure adherence to modeling best practices so that events correlate correctly.

Use Case Development
  • Develop advanced correlation and detection rules;
  • Create behavior-based, anomaly-based, and indicator-based alerts;
  • Map detections to the MITRE ATT&CK framework;
  • Develop reusable and standardized security content;
  • Participate in the creation and maintenance of the SOC use case catalog.

Tuning and Optimization
  • Perform continuous tuning of rules and alerts;
  • Reduce false positives and false negatives;
  • Evaluate detection coverage and monitoring gaps;
  • Implement detection quality metrics;
  • Support Detection Engineering initiatives.

Automation and Integrations
  • Develop automations for SOC operational processes;
  • Integrate the SIEM with EDR, XDR, SOAR, CTI, ITSM, and other security solutions;
  • Create scripts using Python, PowerShell, Bash, and KQL;
  • Participate in building playbooks and automated workflows.

Platform Support and Governance
  • Monitor the health and availability of the SIEM environments;
  • Manage upgrades, patches, and changes;
  • Produce technical documentation and operational procedures;
  • Support audits and compliance initiatives;
  • Define onboarding and data quality standards.

Technical Support to the SOC
  • Act as the technical reference for N1, N2, and N3 (Tier 1, 2, and 3) analysts;
  • Support complex investigations involving SIEM rules and events;
  • Participate in the root cause analysis of relevant incidents;
  • Contribute to the evolution of SOC operational processes.

Mandatory Requirements:

  • Minimum of 3 years of experience in SIEM Engineering and SOC Operations;
  • Experience with IBM QRadar, Microsoft Sentinel, or Splunk;
  • Practical experience with log source onboarding and integration troubleshooting;
  • Solid knowledge of event parsing, normalization, and modeling;
  • Experience creating and tuning correlation rules;
  • Advanced knowledge of the MITRE ATT&CK framework;
  • Knowledge of TCP/IP networking, protocols, DNS, HTTP, Syslog, and authentication;
  • Experience with Windows, Linux, and cloud environments;
  • Knowledge of KQL (Microsoft Sentinel), SPL (Splunk), and AQL (QRadar), and of automation languages (Python, PowerShell, or Bash);
  • Experience integrating EDR/XDR, firewalls, Active Directory, Microsoft 365, and cloud platforms;
  • Experience applying AI to SOC/SIEM work.

Differentials (desirable):

  • Experience with SOAR (Microsoft Sentinel automation, Cortex XSOAR, Splunk SOAR, QRadar SOAR);
  • Experience with Cribl, Kafka, or security data pipelines;
  • Experience with data lakes and modern observability architectures;
  • Experience in MSSP or multi-environment SOC operations;
  • Knowledge of Detection Engineering;
  • Knowledge of Threat Hunting;
  • Experience with AWS, Azure, and Google Cloud Platform;
  • Knowledge of LLMs (OpenAI, Claude, Gemini, Llama);
  • Knowledge of AI agent frameworks;
  • Experience with n8n, LangChain, CrewAI, AutoGen, or similar solutions;
  • Experience with SOC automation using SOAR and generative AI;
  • Experience building investigation assistants for the SOC;
  • Experience with Microsoft Security Copilot;
  • Experience with Splunk AI Assistant;
  • Experience with Microsoft Sentinel Fusion and ML-based analytics rules.

Access the link below and enter the code NAVA-CIBERESPSIEM to start the job interview:

https://entrevista.starmindai.ai


