SIEM Engineer (Remote)

We are looking to hire a SIEM Specialist to join our Security Operations Center (SOC).

The selected candidate, together with their colleague in the SIEM team, will be responsible for the administration, optimisation and evolution of the SIEM platform, as well as the design of use cases, correlation rules, dashboards, alerts and integrations with different sources of security information.

Their main objective will be to improve cybersecurity incident detection, monitoring and response capabilities, contributing to the SOC’s operational efficiency and the reduction of false positives.

Main responsibilities

• Design, develop and optimise correlation rules for the detection of threats, anomalous behaviours and indicators of compromise.
• Review potential rule improvements jointly with the Red Team after the tests they carry out to validate the different alerts.
• Create and maintain security use cases aligned with the organisation’s risks, technology environment and frameworks such as MITRE ATT&CK and D3FEND.
• Support the Architecture team in integrating new log sources into the SIEM, ensuring proper normalisation, parsing, enrichment and data quality.
• Analyse security events and alerts to identify patterns, trends and potential incidents.
• Collaborate with SOC L1/L2/L3 analysts on the continuous improvement of alerts, playbooks and response processes.
• Review and fine-tune existing rules to reduce false positives and improve detection accuracy.
• Create dashboards, reports and operational metrics to monitor activity, detection effectiveness and source status.
• Participate in incident investigations, threat hunting and initial forensic analysis when required.
• Document use cases, rules, integrations, technical procedures and lessons learned.
• Create and maintain a repository of custom rules defined by the SOC to facilitate potential future SIEM changes.
• Collaborate with infrastructure, network, systems, cloud and security teams to ensure the correct ingestion of relevant events.
• Stay up to date on new threats, attack techniques and cybersecurity trends to translate them into new detection capabilities.

Requeriments and experience

• Proven previous experience in SOC environments, defensive cybersecurity or SIEM platform administration.
• Practical knowledge of SIEM tools such as Azure Sentinel, Splunk, IBM QRadar, Microsoft Sentinel, ArcSight, Elastic SIEM, LogRhythm or similar.
• Experience creating correlation rules, alerts, queries, dashboards and use cases.
• Knowledge of security log sources: firewalls, EDR, IDS/IPS, proxies, Active Directory, Windows/Linux systems, cloud, IAM, VPN, email, DLP, WAF, etc.
• Ability to analyse security events and understand attack patterns.
• Knowledge of frameworks and methodologies such as MITRE ATT&CK, Cyber Kill Chain, NIST, D3FEND or similar.
• Familiarity with incident response, threat hunting and vulnerability management concepts.
• Ability to produce technical documentation and work collaboratively with multidisciplinary teams.
• Sufficient technical English level to interpret documentation, alerts, reports and threat intelligence.

Nice to have

• Cybersecurity or SIEM certifications: Security+, CySA+, GCIA, GCIH, SC-200, AZ-500, Splunk Core Certified, QRadar, CEH or similar.
• Experience with SOAR and response automation.
• Knowledge of scripting or automation with Python, PowerShell, Bash or KQL/SPL/AQL, depending on the technology used.
• Experience in cloud environments: Azure, AWS or Google Cloud.
• Knowledge of threat intelligence and alert enrichment with IoCs.
• Experience defining SOC KPIs/KRIs.
• Experience in hardening, identity management, perimeter security or endpoint security.

What we offer

• Competitive salary.
• Health insurance.
• Remote work.
• A day off for your birthday 🎉
• Flexible working hours.
• A dynamic work environment where innovation and collaboration are at the heart of everyday work.
• Principio del formulario
• Final del formulario