Security Architect (m/f/d)
Contract
Luxembourg, Luxembourg
01.05.2025
We are seeking a Security Architect to provide support and advisory services for a SIEM migration and consolidation programme.
Our primary focus is on Splunk, but we also work with Microsoft Sentinel and Elastic.
Responsibilities
- Conduct assessments and translate existing detection rules from legacy SIEMs to the target platform.
- Support the RFP process to select a SIEM.
- Assist in the migration of prioritized data sources, including log validation, parsing, enrichment, and tagging.
- Ensure that business-critical alerting and correlation use cases are maintained or enhanced post-migration.
- Collaborate with internal SOC and engineering teams to implement scalable log ingestion pipelines and retention policies.
- Integrate with existing detection-as-code processes and related CI/CD pipelines for rule lifecycle management.
- Implement and test enrichment and contextual tagging using internal and external data sources.
- Assist in configuring federated search so that data stays in the environment where it is stored and is queried in place rather than copied to a central index.
- Validate the performance, fidelity, and coverage of translated detection logic using controlled datasets or historical log replay.
- Provide regular updates, documentation, and knowledge transfer sessions with internal teams.
- Deliver tuning recommendations and support post-migration optimization efforts.
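The responsibilities above call for translated detection rules to be validated by replaying historical logs, and for that check to fit into a detection-as-code pipeline. The script below is an added illustration of such a replay harness, not tooling from the employer or from any of the SIEM vendors named. It assumes a simplified common event schema (`@timestamp`, `src_ip`, `user`, `event.outcome`) produced by the parsing and enrichment stage, expresses a "legacy" brute-force correlation rule and two candidate translations as Python functions standing in for SPL/KQL/EQL, and runs them over a small, hand-labelled event set constructed inline. Replaying both rule versions over the same data surfaces the two classic translation errors: dropping the time window entirely (false positives) and turning a sliding window into a tumbling one (false negatives across bucket boundaries).

```python
"""Replay-based fidelity check for a detection rule translated between SIEMs.

Added example only. Rules are Python functions over a List[Event] and return
the set of entities (source IPs) they would alert on; in a real pipeline the
same harness would submit the native SPL/KQL/EQL to each platform and diff
the returned alert sets.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Set

Event = Dict[str, object]
Rule = Callable[[List[Event]], Set[str]]

THRESHOLD = 5                    # failed logins needed before alerting (assumed)
WINDOW = timedelta(minutes=10)   # legacy rule's sliding window (assumed)


def _ev(ts: str, src: str, user: str, outcome: str) -> Event:
    return {"@timestamp": datetime.fromisoformat(ts), "src_ip": src,
            "user": user, "event.outcome": outcome}


# Constructed replay dataset (not real logs). Each source IP is one scenario.
HISTORICAL_EVENTS: List[Event] = (
    # 10.0.0.5: 5 failures in 5 minutes, then success -> should alert
    [_ev(f"2025-05-01T08:{i:02d}:00", "10.0.0.5", "alice", "failure") for i in range(5)]
    + [_ev("2025-05-01T08:05:30", "10.0.0.5", "alice", "success")]
    # 10.0.0.11: 5 failures straddling the 08:10 boundary, then success -> should alert
    + [_ev(f"2025-05-01T08:{7 + i:02d}:00", "10.0.0.11", "dave", "failure") for i in range(5)]
    + [_ev("2025-05-01T08:12:00", "10.0.0.11", "dave", "success")]
    # 10.0.0.9: 5 failures spread over 5 hours, then success -> benign
    + [_ev(f"2025-05-01T{9 + i:02d}:00:00", "10.0.0.9", "bob", "failure") for i in range(5)]
    + [_ev("2025-05-01T15:00:00", "10.0.0.9", "bob", "success")]
    # 10.0.0.7: 3 quick failures, then success -> below threshold, benign
    + [_ev(f"2025-05-01T10:{i:02d}:00", "10.0.0.7", "carol", "failure") for i in range(3)]
    + [_ev("2025-05-01T10:04:00", "10.0.0.7", "carol", "success")]
)
# Ground truth for the replay, labelled by hand.
EXPECTED_ALERTS: Set[str] = {"10.0.0.5", "10.0.0.11"}


def _by_src(events: List[Event]) -> Dict[str, List[Event]]:
    grouped: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["@timestamp"]):
        grouped[str(e["src_ip"])].append(e)
    return grouped


def legacy_rule(events: List[Event]) -> Set[str]:
    """Legacy logic: >= THRESHOLD failures from one src_ip within a sliding
    WINDOW that ends at a successful login from the same src_ip."""
    alerts: Set[str] = set()
    for src, evs in _by_src(events).items():
        for i, e in enumerate(evs):
            if e["event.outcome"] != "success":
                continue
            start = e["@timestamp"] - WINDOW
            failures = sum(1 for f in evs[:i]
                           if f["event.outcome"] == "failure" and f["@timestamp"] >= start)
            if failures >= THRESHOLD:
                alerts.add(src)
    return alerts


def naive_translation(events: List[Event]) -> Set[str]:
    """Translation that lost the time window: counts failures per src_ip over
    the whole search period. Over-alerts on slow, benign failure patterns."""
    failures: Dict[str, int] = defaultdict(int)
    successes: Set[str] = set()
    for e in events:
        if e["event.outcome"] == "failure":
            failures[str(e["src_ip"])] += 1
        else:
            successes.add(str(e["src_ip"]))
    return {s for s, n in failures.items() if n >= THRESHOLD and s in successes}


def tumbling_translation(events: List[Event]) -> Set[str]:
    """Translation that turned the sliding window into fixed 10-minute buckets
    (the shape a 'summarize ... by bin(time, 10m)' style query produces).
    Misses bursts that straddle a bucket boundary."""
    alerts: Set[str] = set()
    buckets: Dict[tuple, Dict[str, int]] = defaultdict(lambda: {"failure": 0, "success": 0})
    for e in events:
        ts = e["@timestamp"]
        bucket = ts.replace(minute=ts.minute - ts.minute % 10, second=0, microsecond=0)
        buckets[(str(e["src_ip"]), bucket)][str(e["event.outcome"])] += 1
    for (src, _), counts in buckets.items():
        if counts["failure"] >= THRESHOLD and counts["success"] > 0:
            alerts.add(src)
    return alerts


def replay(rule: Rule, events: List[Event], expected: Set[str]) -> Dict[str, object]:
    """Run one rule over the replay set and score it against the labels."""
    fired = rule(events)
    return {"alerts": sorted(fired),
            "true_positives": sorted(fired & expected),
            "false_positives": sorted(fired - expected),
            "false_negatives": sorted(expected - fired),
            "matches_legacy": fired == legacy_rule(events)}


if __name__ == "__main__":
    for name, rule in [("legacy", legacy_rule), ("naive", naive_translation),
                       ("tumbling", tumbling_translation)]:
        print(name, replay(rule, HISTORICAL_EVENTS, EXPECTED_ALERTS))
```

In a CI job the `matches_legacy` flag is the gate: a translated rule is only promoted when its alert set over the replay corpus equals the legacy rule's, and the `false_positives` / `false_negatives` lists are what goes into the tuning ticket when it does not.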
Required Qualifications
- Educational Background: A university degree in Computer Science, Cybersecurity, Data Engineering, or a related field, or equivalent professional experience. A strong background in cybersecurity is highly preferred.
- Experience: 8–10 years in security architecture roles, with proven expertise in managing and integrating multiple SIEM platforms such as Splunk, Microsoft Sentinel, and Elastic.
- Technical Skills:
  - Hands-on experience in consolidating SIEM technologies across hybrid cloud and on-premises environments, including data source normalization, correlation rule migration, and log pipeline optimization.
  - Deep understanding of SIEM architecture, log ingestion pipelines, data parsing and enrichment, and custom alert development.
  - Extensive experience aligning SIEM configurations and operations with compliance frameworks and regulatory requirements such as PCI DSS, ISO 27001, HIPAA, and SOC 2, ensuring coverage of mandated logging, monitoring, and alerting controls.
  - Strong knowledge of security concepts such as threat detection, data privacy controls, threat modeling, and risk assessment, with an emphasis on their application across diverse SIEM ecosystems.
  - Experience in designing and maintaining scalable data pipelines to support security telemetry ingestion, transformation, storage, and analysis across distributed systems.
- Analytical and Problem-Solving Skills: Strong analytical and problem-solving abilities, with meticulous attention to detail and a demonstrated capacity to work cross-functionally with infrastructure, security, and business teams.
- Communication Skills: Excellent communication skills, capable of distilling complex technical details into clear insights for both technical and executive audiences.
We look forward to welcoming a skilled professional to our team who can help us achieve our goals and drive our security initiatives forward. If you are passionate about cybersecurity and have the required expertise, we encourage you to apply.