Senior Security Operations Specialist – SIEM & SOAR

Job Description: Security Operations Specialist – SIEM & SOAR

Department: Information Security / Security Operations

Job Summary

We are seeking a Security Operations Specialist – SIEM & SOAR to manage and optimize Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. The ideal candidate will oversee the operation of Splunk, Google Chronicle, Siemplify, and Palo Alto XSOAR, ensuring effective log ingestion, parser development, playbook automation, and anomaly detection. This role is critical in identifying unusual behavior, enhancing security visibility, and providing actionable insights to executives.

Key Responsibilities

1. SIEM Operations & Log Management

• Manage and maintain SIEM platforms (Splunk, Google Chronicle) to ensure optimal log ingestion and processing.
• Develop and fine-tune log parsers for structured and unstructured data.
• Ensure data normalization, enrichment, and correlation to improve threat detection.

2. Threat Detection & Anomaly Analysis

• Continuously monitor security events to identify unusual behavior and potential threats.
• Create custom detections, alerts, and dashboards for advanced threat visibility.
• Investigate suspicious activities and escalate incidents as needed.

3. SOAR Automation & Playbook Development

• Design and implement automation playbooks in Siemplify and Palo Alto XSOAR to streamline security operations.
• Automate threat response, triage, and remediation workflows to reduce response times.
• Integrate SIEM, threat intelligence feeds, and incident response tools for enhanced security operations.

4. Security Insights & Executive Reporting

• Generate security analytics and reports for leadership, highlighting trends and risks.
• Provide executive-level insights on security events, response effectiveness, and operational improvements.
• Track and improve key security metrics and operational efficiencies.

Qualifications & Skills

Required:

• 3+ years of experience in SIEM, SOAR, or Security Operations.
• Hands-on experience with Splunk, Google Chronicle, Siemplify, Palo Alto XSOAR.
• Strong knowledge of log ingestion, parsing, and security event correlation.
• Experience in developing custom detections, queries, and dashboards.
• Ability to design and automate security playbooks for incident response.
• Strong analytical and communication skills to present security insights to executives.

Preferred:

• Certifications such as Splunk Certified Admin, Chronicle Security Engineer, CISSP, or GIAC Security Operations (GCIA, GMON).
• Experience with threat intelligence integration and UEBA (User and Entity Behavior Analytics).
• Knowledge of cloud security logging (AWS, GCP, Azure) and compliance frameworks.