Lead SIEM Analyst

JDA

Job Summary

This role focuses on building, operating, and continuously improving SIEM capabilities for proactive threat detection, efficient investigations, and scalable security monitoring across a global, cloud-first enterprise. The Lead SIEM Analyst will design and implement SIEM solutions using CrowdStrike NGSIEM, onboard new log sources, develop custom parsers, and build detection rules aligned with MITRE ATT&CK. The role also involves creating dashboards, using CrowdStrike Query Language for investigations, managing log ingestion with Cribl, and developing automation for operational workflows.

Must Have

  • Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEM.
  • Lead onboarding of new log sources, including development of custom parsers, field normalization, and data validation.
  • Build, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CK.
  • Create and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirements.
  • Use CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysis.
  • Design and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformation.
  • Develop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflows.
  • 5 - 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoring.
  • Strong hands-on experience with CrowdStrike NGSIEM is required.
  • Proven experience developing custom parsers and onboarding diverse log sources.
  • Hands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languages.
  • Strong experience building detection rules, dashboards, and alerting for SOC operations.
  • Hands-on experience with Cribl for log routing, enrichment, and pipeline optimization.
  • Experience with automation and API-based integrations.
  • Solid understanding of security telemetry, log formats, and large-scale log ingestion architectures.

Good to Have

  • CrowdStrike Certified Security Engineer (CCSE) certification.
  • Experience supporting SOC or MSSP environments.
  • Familiarity with compliance-driven monitoring (PCI-DSS, ISO 27001, SOC 2).
  • Experience leading SIEM modernization or large-scale onboarding initiatives.
  • Strong communication skills and ability to collaborate across engineering and security teams.

Job Description

Scope:

This role will focus on building, operating, and continuously improving SIEM capabilities that enable proactive threat detection, efficient investigations, and scalable security monitoring across a global, cloud-first enterprise.

What You’ll Do

  • Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEM
  • Lead onboarding of new log sources, including development of custom parsers, field normalization, and data validation
  • Build, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CK
  • Create and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirements
  • Use CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysis
  • Design and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformation
  • Develop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflows
  • Partner with SOC analysts, cloud teams, and platform owners to ensure high-quality, security-relevant telemetry
  • Act as a technical escalation point for SIEM-related investigations and incident response
  • Continuously improve detection fidelity, data quality, and SIEM performance
  • Support audit and compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) through monitoring, reporting, and evidence generation
  • Document SIEM architecture, data flows, detection logic, and operational runbooks

Security Tech Stack / Tools

SIEM & Detection

  • CrowdStrike NGSIEM (primary)
  • Splunk (acceptable alternative where NGSIEM experience is not available)
  • Detection engineering, correlation rules, dashboards, and alerting

Log & Data Engineering

  • Cribl (pipelines, routing, enrichment, filtering)
  • Custom parser development and log normalization

Automation & Integration

  • Python, PowerShell
  • REST APIs, Webhooks
  • Automation for SIEM operations and integrations
  • Any SOAR tool experience

What We’re Looking For

  • 5 - 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoring
  • Strong hands-on experience with CrowdStrike NGSIEM is required
  • Candidates without NGSIEM experience must demonstrate deep, hands-on SIEM engineering experience using Splunk in enterprise environments
  • Proven experience developing custom parsers and onboarding diverse log sources
  • Hands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languages
  • Strong experience building detection rules, dashboards, and alerting for SOC operations
  • Hands-on experience with Cribl for log routing, enrichment, and pipeline optimization
  • Experience with automation and API-based integrations
  • Solid understanding of security telemetry, log formats, and large-scale log ingestion architectures
  • Ability to work effectively in a global, fast-paced environment

Preferred Skills / Nice to Have

  • CrowdStrike Certified Security Engineer (CCSE) – strong plus
  • Experience supporting SOC or MSSP environments
  • Familiarity with compliance-driven monitoring (PCI-DSS, ISO 27001, SOC 2)
  • Experience leading SIEM modernization or large-scale onboarding initiatives
  • Strong communication skills and ability to collaborate across engineering and security teams
