SIEM/SOAR Security Engineer

What success looks like in this role:

• SIEM/SOAR Support: Assist in configuring and maintaining SIEM/SOAR platforms to support log collection, threat detection, and automated response workflows. Monitor and troubleshoot SIEM/SOAR systems to ensure reliable operation and data integrity. Support the creation of detection rules, dashboards, and alerts under senior engineer guidance.
• Log Management: Help manage log ingestion pipelines, including syslog, Windows Event Logs, and other sources, using SIEM tools or log aggregator and refinement platforms like Cribl. Work with Incident Response teams and senior engineer to apply basic filtering and parsing rules to reduce noise and optimize log data for analysis.
• Incident Response: Support incident response activities, including investigating alerts, collecting evidence, and documenting findings. Assist in executing SOAR playbooks for automated incident handling, under senior supervision. Participate in post-incident reviews to improve detection and response processes.
• Technical Assistance: Work closely with senior engineers to implement and test SIEM/SOAR configurations. Perform routine maintenance tasks, such as updating rules, validating data ingestion, and monitoring system performance.
• Compliance and Documentation: Assist in maintaining audit trails and logs to support compliance requirements (e.g., data protection regulations). Document configurations, incidents, and processes to ensure operational continuity.

• Serves as an escalation point for technical issues around security tooling and the Unisys SOC team.

You will be successful in this role if you have:

Key Qualifications

• 7-10 years in security operations, IT, or a related technical role, with exposure to SIEM/SOAR systems.
• Basic experience in incident response, such as handling alerts or supporting investigations.
• Foundational knowledge of SIEM/SOAR platforms (e.g., Splunk, Google SecOps, QRadar, Elastic, or similar).
• Familiarity with log management concepts, including syslog, Windows Event Logs, or API-based data collection.
• Basic scripting skills (e.g., Python, Grok, Go, JSON) for automation or data processing.
• Bachelor’s Degree in Cybersecurity, Computer Science, Computer Engineering, Information Technology or similar, or the equivalent hands-on experience combined with training and certifications.
• Exposure to incident response processes, such as triaging alerts or analyzing logs.
• Willingness to learn threat detection frameworks (e.g., MITRE ATT&CK).
• Familiarity with security issues associated with cloud environments, preferably with AWS or Azure.
• Strong problem-solving skills and attention to detail.
• Ability to work collaboratively with multiple teams and follow senior engineer guidance.
• Good communication skills to document findings and report to stakeholders

Preferred Qualifications

• Exposure to Cribl, Splunk, or Google SecOps (Chronicle), with a willingness to learn these tools.
• Basic understanding of log routing, filtering, or transformation concepts.
• Experience with basic forensic analysis or playbook execution in a SOAR platform.
• Entry-level certifications (e.g., CompTIA Security+, Splunk Fundamentals, GIAC Security Essentials) are a plus.