SIEM Engineer

Role : SIEM Engineer

Duration : Contract / Full Time

Location : Provo UT

Job Summary :

The SIEM Engineer is responsible for the design, implementation, and management of Security Information and Event Management (SIEM) systems. This role involves monitoring security events, analyzing security incidents, and ensuring the integrity and security of the organization's information systems. The ideal candidate will have a strong background in cybersecurity, experience with SIEM tools, and the ability to collaborate with various teams to enhance the organization's security posture.

Key Responsibilities :

SIEM Implementation and Management :

Design, deploy, and manage SIEM solutions to collect, analyze, and correlate security data.

Configure and optimize SIEM tools to ensure effective monitoring and alerting.

Security Monitoring and Incident Response :

Monitor security events and alerts generated by the SIEM system.

Investigate and respond to security incidents, conducting root cause analysis and remediation.

Log Management :

Collect and analyze logs from various sources, including servers, network devices, and applications.

Ensure proper log retention and compliance with regulatory requirements.

Threat Detection and Analysis :

Develop and implement use cases for threat detection and incident response.

Analyze security incidents to identify trends and potential vulnerabilities.

Collaboration and Reporting :

Work closely with IT, network, and security teams to enhance overall security measures.

Prepare and present reports on security incidents, trends, and recommendations to management.

Continuous Improvement :

Stay updated on the latest security threats, vulnerabilities, and industry best practices.

Recommend improvements to security policies, procedures, and technologies.

Qualifications : Education :

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Experience :

• 3+ years of experience in cybersecurity, with a focus on SIEM engineering and security operations.
• Hands-on experience with SIEM tools such as Splunk, QRadar, ArcSight, or LogRhythm - including deployment, configuration, and optimization.
• Experience with log collection, parsing, normalization, and onboarding data sources (e.g., firewalls, servers, cloud services, identity platforms).
• Ability to create and tune correlation rules, detection use cases, and alerting mechanisms to reduce false positives and identify real threats.
• Familiarity with incident response processes, including triage, investigation, root cause analysis, and documentation.
• Proficient in log analysis for identifying threats, vulnerabilities, and anomalies in system or network behavior.
• Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, MITRE ATT&CK).

Technical Skills :

Proficiency in log analysis, threat detection, and incident response.

Knowledge of security frameworks and compliance standards (e.g., NIST, ISO 27001, PCI-DSS).

Certifications :

Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Security+.

Soft Skills :

Strong analytical and problem-solving skills.

Excellent communication and interpersonal skills.

Ability to work collaboratively in a team-oriented environment.