SIEM Engineer

Johannesburg, GP, ZA, South Africa

Job Description

Short Description

Our client is looking for a skilled and experienced SIEM Engineer to join their cybersecurity team.

Bullet Points

  • Fully remote if the candidate stays further than 80km from Midrand
  • R700k to 1.3million per annum + benefits
  • Minimum of 5 years of experience in cybersecurity

Full Description

The primary responsibility of this role is to integrate log sources into Sentinel: using standard data connectors, troubleshooting and enhancing data connectors, developing custom connectors where required, and optimising log ingestion.

Key Responsibilities:

  • Responsible for end-to-end integration of logs into Sentinel.
  • Scope, plan and track log integration.
  • Research, test and advise clients on audit configuration settings for log sources, to ensure that the right logs flow into Sentinel for threat detection.
  • Deploy data connectors and troubleshoot data ingestion, including deployment of Function Apps, customisation and enhancement of Function App code where required, and development of custom log ingestion solutions.
  • Validation of log parsing, fixing and enhancing existing parsers, and development of new parsers.
  • Optimisation of collected logs to ensure the right events are collected and unnecessary events are filtered out, to manage consumption and cost.
  • Documentation of solution design, and development of technical processes and procedures to enhance our knowledge base and aid standardisation efforts.

Secondary Responsibilities:

  • Assist other Engineers in maintaining and enhancing our DevOps pipeline to scale services across multiple clients, including code development and maintenance.
  • Sentinel health checks and periodic maintenance, e.g. data connector updates.
  • Rule fine-tuning, and integration of applicable changes from upstream rule repositories into our repo.
  • Collaborate with Analysts and client cybersecurity professionals to refine detection strategies, improve detection accuracy and reduce false positives.
  • Analyse security logs from various sources, including cloud platform services, firewalls, intrusion detection systems, VPN, web application firewalls, web and email filtering, identity and access management systems, endpoint protection and EDR, and other security tools.

Qualifications:

  • Minimum of 5 years of experience in cybersecurity.
  • Minimum of 3 years of Sentinel design and implementation experience, including Linux deployment and administration.
  • Solid experience working with security logs across multiple domains (identity and access, network, system, data, application, cloud) and multiple product types, e.g. firewalls, intrusion detection systems, VPN, web application firewalls, web and email filtering, identity directories and SSO, endpoint protection and EDR, and other security tools.
  • Strong understanding of the threat landscape, common attack vectors, and threat actor tactics, techniques, procedures and tools.
  • Experience with frameworks like MITRE ATT&CK.
  • Proficiency in data analysis and scripting languages (e.g. PowerShell, Python).
  • Excellent problem-solving skills, attention to detail and quality delivery.
  • Strong communication and teamwork skills.
  • Ability to deliver in a fast-paced environment.

Why Join Our Client?

  • R700k to 1.3million per annum + benefits.
  • Fully remote if the candidate stays further than 80km from Midrand.
  • Opportunity to work with cutting-edge technologies and a dynamic team.

Job Type: Full-time

Experience:

  • Cybersecurity: 5 years (Required)
  • Sentinel: 3 years (Required)

Work Location: In person


Job Detail

  • Job Id
    JD1413778
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Contract
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Johannesburg, GP, ZA, South Africa
  • Education
    Not mentioned