Negotiable
Full-time

Job Description for SIEM Architect

The SIEM Architect is a client-facing role, responsible for architecting SIEM solutions to improve the security value, service management, and scalability for our clients. A working knowledge of SIEM, threat trends and vectors, and IT/IS architectural design are paramount. This individual will work under the supervision of Master SIEM Architects and Management while partnering with the client to deliver robust SIEM designs and implementations.

This function will work closely with the client to understand the current and target state of the SIEM and ensure that effective and efficient incident identification, resolution and root-cause analysis are leveraged through productive implementation of the platform.

The most successful candidate will be a strong technologist with a practical mind and creativity. This candidate must be able to effectively collaborate with the client's Information Security and IT/IS teams to deliver optimal results for the client. In addition, the SIEM Architect must be able to clearly and successfully communicate with a demonstrated understanding of business and technical requirements of the client.

Job Responsibilities

Align with client needs and operational performance to identify opportunities for improvement/enhancement of their security operations center and infrastructure.

Partner with the client to evaluate existing log & data domains, SIEM processes and tools and effectiveness measures to identify critical elements, weaknesses, and opportunities for improvement.

Work independently and in concert with others to architect solutions that have a measurable impact on security value, service management and client satisfaction.

Creation of architecture diagrams, workflow models and proposals/presentations to key stakeholders who have a wide range of business, security, and IT experience.

Deliver high-level plans for architecting recommended solutions for hybrid environments.

Coordination with the key stakeholders to gather requirements and design the solutions to support those requirements.

Proficient at developing and creating reference architectures and models with proper documentation.

Architect solutions to drive scalability, efficiency, and automation, which may include changes to people, process and technology.

Provide consulting services via interactive client sessions to assist with implementation, support, and usage of multiple product vendors and technologies.

Perform other duties as assigned.

Qualifications

Master's degree, or demonstrated experience and delivery in information security, data management or computer science.

7-10+ years of applied technology experience in defining strategy around security monitoring, incident management, regulatory compliance and process improvement.

Demonstrated expert-level experience with QRadar, Splunk, Sentinel and Hadoop, including log consolidation, correlation, content creation, workflow management and process improvement.

5+ years of hands-on experience creating rules, alerts, content and reports within a complex SIEM environment.

Familiarity with Cyber Kill Chain methodologies

Excellent Unix / Linux skills required

Familiarity with Windows WEF Framework

Understanding of Network Firewalls, Load Balancers and Complex System Designs

Expert troubleshooting and break-fix experience with SIEM environments required

Excellent written and verbal communication skills

Active professional security certifications (e.g., CISSP), open source project, security research or design/framework contributions or other current initiatives around information management, data and content modeling and large data analytics.

Expertise in FlexConnector framework development and strong Regex skills required

Good command of Python, Perl, SQL, Regex and Shell Scripting is preferred

Experience installing and maintaining open-source log capture technologies such as Syslog-NG, Snare, LogStash, MSCOM, etc. is preferred

3-5 years of experience working with Incident Response handling or inside a Security Operations Center.

Ability to rapidly understand clients' business strategies and possess the capability to apply creative problem-solving skills to deliver high-impact solutions to meet their business needs.


Last updated on Aug 9, 2023
