Lead SOC Engineer (SIEM)
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Overview The Lead Engineer – SOC (SIEM) is a critical role responsible for delivering SIEM management services, particularly focusing on Splunk SIEM and Splunk UEBA, within the Security Operations Center (SOC).
Key Skills for This Role
Full Job Posting
Overview
The Lead Engineer – SOC (SIEM) is a critical role responsible for delivering SIEM management services, particularly focusing on Splunk SIEM and Splunk UEBA, within the Security Operations Center (SOC).
Working closely with the SOC Team this role encompasses onboarding new log sources, enhancing and optimizing telemetry, ensuring system updates, resolving issues, and maintaining SIEM performance, designing SIEM Architecture and deployments based on customized business requirements.
Key Responsibilities
- Deliver and Lead Splunk SIEM management services within the SOC environment.
- Architect scalable and resilient Splunk-based SIEM solutions.
- Define data ingestion strategies, parsing logic, and correlation rules.
- Collaborate with the asset owner, client stakeholder, and SOC, in onboarding new log sources to the SIEM platform.
- Maintain and govern SOC critical log sources, ensuring their proper functionality and integration with Splunk SIEM.
- Detect log source issues, coordinate with customers to diagnose and resolve them in a timely manner.
- Enhance and optimize telemetry within the Splunk environment to improve data collection, correlation, and reporting.
- Collaborate with SOC and threat intelligence teams to develop detection use cases.
- Implement dashboards, alerts, and reports for proactive threat monitoring.
- Perform regular system updates to ensure Splunk functionality and security are up to date.
- Resolve Splunk-related issues promptly and efficiently.
- Proficiency in field extractions, data normalization, and CIM (Common Information Model) compliance.
- Maintain the performance of the Splunk SIEM according to established best practices.
- Participate in continuous process improvements to increase SOC efficiency and effectiveness.
- Provide regular and accurate reports on Splunk services and SOC operations to relevant stakeholders.
- Contribute to SOC architecture strategy and implementation initiatives related to Splunk in the pre-sales phase when required.
- Plan and execute Splunk version upgrades and feature rollouts.
- Evaluate and deploy new Splunk apps and add-ons.
Characterstics
- Profound knowledge and hands-on experience with Splunk SIEM and other related technologies like CRIBL.
- Understanding of SOC workflows, MITRE ATT&CK framework, and threat detection methodologies.
- Ability to correlate data across multiple sources to identify patterns and anomalies.
- Strong understanding of cloud and network technologies, essential for efficient log source onboarding.
- Proven technical capabilities in a complex, fast-paced SOC environment.
- Ability to diagnose and troubleshoot log source issues related to cloud and network infrastructures.
- Strong understanding of SOC operations, cybersecurity principles, and best practices.
- Excellent problem-solving skills and the ability to make decisions under pressure.
- Ability to collaborate effectively with a variety of team members, including interfacing with customers to resolve issues.
- High proficiency in written and verbal communication
Skills & Certificates
- Splunk Certified Architect or Splunk Certified Administrator.
- Mastery of SPL (Search Processing Language) for complex queries, dashboards, and reports.
- Scripting skills (Python, Bash, PowerShell)
- Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert.
- Certified Information Systems Security Professional (CISSP), GIAC is preferred.
- Excellent communication and documentation skills
- Ability to lead technical initiatives and work independently
Education
Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
Minimum Work Exp
A minimum of 8 years of experience in SOC operations, with significant experience in Splunk SIEM management
Prior experience in a technical role within a SOC or similar cybersecurity environment.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at CPX
SOC Platform Engineer
Abu Dhabi Emirate, UAE
CPX is hiring a SOC Platform Engineer with at least 4 years of experience to manage Threat Intelligence Platforms and other SOC solutions. The role involves platform management, integration with SOC tools, automation dev
Associate Consultant – Cyber Consulting Services
Abu Dhabi Emirate, UAE
We are seeking an Associate Consultant to support Cyber Academy engagements including training, advisory, cyber exercises, and awareness. You will assist in developing training materials, conducting research, and support
Senior Specialist Threat Intelligence Analyst
Abu Dhabi, UAE
CPX is seeking a Lead Threat Intelligence Analyst to conduct all-source intelligence analysis, manage threat intelligence platforms, and produce high-quality assessments. The ideal candidate has 8+ years of experience in
Lead - Threat Intelligence
Abu Dhabi, UAE
CPX seeks a Lead Threat Intelligence Analyst to conduct all-source intelligence analysis, manage threat intelligence platforms, and produce high-quality intelligence products. The role requires strong analytical skills,
Junior Legal Counsel
Abu Dhabi, UAE
CPX is looking for a Junior Legal Counsel to provide legal advice on technology transactions, corporate governance, regulatory, compliance, and intellectual property matters. The role requires 1-3 years of PQE with compl
Specialist - HSE
Abu Dhabi, UAE
CPX seeks an experienced HSE Officer to ensure health, safety, and environmental governance during OT cybersecurity and critical infrastructure projects in substations and control centers. The role involves managing HSE
Lead Consultant - Client Success (CPX)
Abu Dhabi, UAE
CPX is hiring a Lead Consultant to serve as a trusted cybersecurity advisor and client success lead for managed security services clients. The role involves driving customer success, service governance, technical advisor
Lead Engineer - OT Cybersecurity
Abu Dhabi, UAE
CPX is seeking a Lead Engineer - OT Cybersecurity to implement OT cybersecurity solutions in utility environments and substations. The role involves hands-on deployment of cybersecurity technologies, infrastructure desig
SOC Platform Engineer
Abu Dhabi Emirate, UAE
Associate Consultant – Cyber Consulting Services
Abu Dhabi Emirate, UAE
Senior Specialist Threat Intelligence Analyst
Abu Dhabi, UAE
Lead - Threat Intelligence
Abu Dhabi, UAE
Junior Legal Counsel
Abu Dhabi, UAE
Specialist - HSE
Abu Dhabi, UAE
Lead Consultant - Client Success (CPX)
Abu Dhabi, UAE
Lead Engineer - OT Cybersecurity
Abu Dhabi, UAE