Lead SOC Engineer (SIEM)

Overview

Key Responsibilities

• Deliver and Lead Splunk SIEM management services within the SOC environment.
• Architect scalable and resilient Splunk-based SIEM solutions.
• Define data ingestion strategies, parsing logic, and correlation rules.
• Collaborate with the asset owner, client stakeholder, and SOC, in onboarding new log sources to the SIEM platform.
• Maintain and govern SOC critical log sources, ensuring their proper functionality and integration with Splunk SIEM.
• Detect log source issues, coordinate with customers to diagnose and resolve them in a timely manner.
• Enhance and optimize telemetry within the Splunk environment to improve data collection, correlation, and reporting.
• Collaborate with SOC and threat intelligence teams to develop detection use cases.
• Implement dashboards, alerts, and reports for proactive threat monitoring.
• Perform regular system updates to ensure Splunk functionality and security are up to date.
• Resolve Splunk-related issues promptly and efficiently.
• Proficiency in field extractions, data normalization, and CIM (Common Information Model) compliance.
• Maintain the performance of the Splunk SIEM according to established best practices.
• Participate in continuous process improvements to increase SOC efficiency and effectiveness.
• Provide regular and accurate reports on Splunk services and SOC operations to relevant stakeholders.
• Contribute to SOC architecture strategy and implementation initiatives related to Splunk in the pre-sales phase when required.
• Plan and execute Splunk version upgrades and feature rollouts.
• Evaluate and deploy new Splunk apps and add-ons.

Characterstics

• Profound knowledge and hands-on experience with Splunk SIEM and other related technologies like CRIBL.
• Understanding of SOC workflows, MITRE ATT&CK framework, and threat detection methodologies.
• Ability to correlate data across multiple sources to identify patterns and anomalies.
• Strong understanding of cloud and network technologies, essential for efficient log source onboarding.
• Proven technical capabilities in a complex, fast-paced SOC environment.
• Ability to diagnose and troubleshoot log source issues related to cloud and network infrastructures.
• Strong understanding of SOC operations, cybersecurity principles, and best practices.
• Excellent problem-solving skills and the ability to make decisions under pressure.
• Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
• High proficiency in written and verbal communication

Skills & Certificates

• Splunk Certified Architect or Splunk Certified Administrator.
• Mastery of SPL (Search Processing Language) for complex queries, dashboards, and reports.
• Scripting skills (Python, Bash, PowerShell)
• Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert.
• Certified Information Systems Security Professional (CISSP), GIAC is preferred.
• Excellent communication and documentation skills
• Ability to lead technical initiatives and work independently

Education

Minimum Work Exp