The Global Security Operations Center (GSOC) is seeking a SIEM & Log Management Administrator to support its Log Analytics Team. This role is a key enabler for security observability, responsible for administering, maintaining, and optimizing our log management and SIEM solutions while ensuring high data quality, completeness, and integrity across the security telemetry pipeline.
This is a highly technical, hands-on role requiring deep expertise in log ingestion, normalization, and transformation, and in the health of the distributed data systems that support threat detection, response, and security analytics at scale.
The SIEM & Log Management Administrator is responsible for many of the following activities:
SIEM Administration
Administer and maintain Splunk environments, including forwarders, indexes, ingestion pipelines, and knowledge objects.
Tune and optimize Splunk Enterprise Security (ES) correlation searches, risk-based alerting (RBA), and data models to support efficient threat detection.
Ensure Splunk Common Information Model (CIM) compliance, and coordinate with detection engineers to map new log sources to existing or custom data models.
Manage user roles, role-based access control (RBAC), and app configurations in Splunk Cloud and ES environments.
Log Management Administration
Deploy and manage Cribl pipelines for ingestion, enrichment, reduction, and routing of telemetry data from cloud and on-prem environments.
Use Cribl Functions, Packs, and Replay to maintain data integrity and to reprocess missed or misconfigured logs.
Collaborate with log source owners to define parsing and transformation logic that meets CIM and use-case requirements.
Security Data Quality Engineering
Build automated checks and dashboards to monitor log source onboarding, field completeness, parsing errors, and CIM conformance.
Define and implement KPIs for data health (e.g. ingestion delay, field presence, event volume anomalies).
Identify and remediate ingestion gaps, stale feeds, duplicate data, or parsing failures that degrade detection efficacy.
Work with threat detection and IR teams to validate log fidelity against detection requirements and incident investigations.
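The data-health checks listed above, as an added illustration written for this page (it is not code from the posting or from CGI): it parses a constructed batch of JSON and CEF events, counts parse errors, checks an assumed CIM-style subset of required fields per sourcetype, measures ingestion lag (index time minus event time) against a threshold, and flags per-source volume anomalies by z-score against a constructed baseline, reporting a source with a baseline but no arrivals as a stale feed. The sourcetypes, field sets, sample events, baselines, and thresholds are all assumptions.

```python
"""Data-health checks for a SIEM telemetry pipeline: parse errors, CIM-style field
presence, ingestion lag and per-source volume anomalies / stale feeds.
Constructed example; sourcetypes, field sets, sample events and baselines are assumed."""
import json
import re
import statistics
from collections import Counter, defaultdict

# Assumed subset of CIM-style required fields per sourcetype (illustrative only).
REQUIRED_FIELDS = {
    "auth": ("src", "user", "action"),
    "firewall": ("src", "dest", "dest_port", "action"),
}
# CEF extension keys mapped onto the CIM-style names used above.
CEF_KEY_MAP = {"dst": "dest", "dpt": "dest_port", "suser": "user", "act": "action"}
CEF_HEADER = re.compile(r"^CEF:\d+\|(?:[^|]*\|){6}(.*)$")  # 7 header fields, then extensions
CEF_EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")          # key=value pairs; values may contain spaces


def parse_line(sourcetype, raw):
    """Parse one JSON or CEF line into a flat dict; return None if it cannot be parsed."""
    raw = raw.strip()
    if raw.startswith("{"):
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            return None
        if not isinstance(event, dict):
            return None
    else:
        m = CEF_HEADER.match(raw)
        if not m:
            return None
        event = {CEF_KEY_MAP.get(k, k): v for k, v in CEF_EXT.findall(m.group(1))}
        if "rt" in event:  # CEF receipt time is epoch milliseconds
            event["_time"] = int(event.pop("rt")) / 1000
    event["sourcetype"] = sourcetype
    return event


def _new_finding():
    return {"events": 0, "parse_errors": 0, "missing_fields": Counter(),
            "max_lag_s": 0.0, "lag_breach": False, "volume_anomaly": None}


def check_batch(batch, baseline_counts, max_lag_s=300, z_threshold=3.0):
    """Run data-health checks over one batch of (sourcetype, index_time_epoch, raw_line).

    baseline_counts maps sourcetype -> historical per-interval event counts; a source
    with a baseline but zero arrivals in this batch is reported as a stale feed.
    """
    findings = defaultdict(_new_finding)
    for sourcetype, index_time, raw in batch:
        f = findings[sourcetype]
        event = parse_line(sourcetype, raw)
        if event is None:
            f["parse_errors"] += 1
            continue
        f["events"] += 1
        for field in REQUIRED_FIELDS.get(sourcetype, ()):
            if event.get(field) in ("", None):
                f["missing_fields"][field] += 1
        if "_time" in event:
            f["max_lag_s"] = max(f["max_lag_s"], index_time - float(event["_time"]))
    for sourcetype, history in baseline_counts.items():
        f = findings[sourcetype]                    # creates an empty entry for silent sources
        observed = f["events"] + f["parse_errors"]  # raw arrivals, parsed or not
        mean, stdev = statistics.mean(history), statistics.pstdev(history) or 1.0
        z = (observed - mean) / stdev
        if observed == 0:
            f["volume_anomaly"] = "stale"
        elif abs(z) > z_threshold:
            f["volume_anomaly"] = "high" if z > 0 else "low"
    for f in findings.values():
        f["lag_breach"] = f["max_lag_s"] > max_lag_s
    return dict(findings)


def field_presence_rate(finding, field):
    """KPI: share of parsed events carrying the field (None when nothing parsed)."""
    if finding["events"] == 0:
        return None
    return 1 - finding["missing_fields"][field] / finding["events"]


# Constructed sample batch: (sourcetype, index time as epoch seconds, raw line).
NOW = 1_700_000_000
SAMPLE_BATCH = [
    ("auth", NOW + 5, json.dumps({"_time": NOW, "src": "10.1.1.10", "user": "alice", "action": "success"})),
    ("auth", NOW + 6, json.dumps({"_time": NOW - 900, "src": "10.1.1.11", "user": "bob", "action": "failure"})),  # 15 min late
    ("auth", NOW + 7, json.dumps({"_time": NOW, "src": "10.1.1.12", "action": "success"})),  # no user field
    ("auth", NOW + 8, '{"_time": 1700000000, "src": "10.1.1.13", "user": "carol", "action": "succ'),  # truncated JSON
    ("firewall", NOW + 3, f"CEF:0|Vendor|FW|1.0|100|Connection|3|src=10.2.2.5 dst=10.9.9.9 dpt=443 act=allow rt={NOW * 1000}"),
    ("firewall", NOW + 4, f"CEF:0|Vendor|FW|1.0|100|Connection|3|src=10.2.2.6 dst=10.9.9.9 act=deny rt={NOW * 1000}"),  # no dpt
]
# Constructed baselines: the firewall normally sends ~20 events per interval, DNS ~500.
BASELINE = {"auth": [4, 5, 4, 4, 5], "firewall": [20, 22, 19, 21, 20], "dns": [500, 520, 480, 510, 490]}

if __name__ == "__main__":
    for source, f in check_batch(SAMPLE_BATCH, BASELINE).items():
        print(source, f["events"], f["parse_errors"], dict(f["missing_fields"]),
              f["max_lag_s"], f["lag_breach"], f["volume_anomaly"])
```

Run as-is, the auth source shows one parse error, one event without a user field, and a 906-second lag breach; the firewall source is flagged "low" because two arrivals against a baseline of about twenty is well past three standard deviations; the DNS source, which has a baseline but sent nothing, is reported as stale. In a real pipeline the batch would come from a scheduled search or a Cribl route and the baseline from a summary index, but the checks are the same.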
Operational Support & Automation
Act as an escalation point for ingestion issues, data loss, and SIEM platform anomalies.
Automate deployment and validation of data pipeline changes using CI/CD pipelines and infrastructure-as-code tools (e.g. Terraform, Git).
Create and maintain documentation and runbooks, and support knowledge sharing across SOC and engineering teams.
Document all custom configurations not covered by vendor documentation.
Ensure all configuration changes are managed using Change Management best practices.
Ensure OS and application upgrades and patches are applied as required.
Participate in an on-call rotation to support GSOC 24/7 mission requirements.
Monitoring and Security Application Incident Reporting
Define, implement, and monitor operational and performance objectives for each security application (e.g. Mean Time Between Failures, Mean Time to Recover, availability, disk space usage, CPU usage) as defined in the Operations Model.
Monitor security applications for availability, performance, and usage using monitoring tools.
When applications fall below operational and performance objectives, report Incidents using the appropriate method and work towards problem resolution.
When application Incidents are reported, troubleshoot and determine the root cause and required corrective action in a timely manner.
If required, work with application SMEs and with CGI internal and external service providers to resolve Incidents.
Ensure lessons learned through root cause analysis and troubleshooting are documented.
Collaboration and Continuous Improvement
Continuously look for opportunities to share knowledge with teammates, using oral and written communication skills.
Help project teams achieve their cost, schedule, and quality goals by completing tasks on time and with quality.
The candidate should be passionate about technology and security, love solving technical challenges, and enjoy learning new, modern solutions. This person should also be able to demonstrate a thorough understanding of infrastructure operations and in-depth knowledge of and experience with log management, log monitoring, and SIEM solutions.
Experience / Expertise
The candidate should have expertise and 3-5 years of experience in at least two (2) of the following areas:
SIEM Application Administration.
Security Application Support.
Security Infrastructure Support.
IT and/or Security Innovation and automation.
IT Change Management, Identity & Access Management, Asset Management.
Education and Certifications
A degree in Software/Systems Engineering, IT Security, or a technology-related field is a major plus.
Relevant certifications are desirable but equivalent experience is acceptable.
Required:
years of experience in log analytics, SIEM engineering, or observability platform administration.
Hands-on experience with Cribl Edge, Cribl Stream, Splunk ES, Microsoft Sentinel, and CrowdStrike LogScale.
Deep understanding of log formats (JSON, CEF, Syslog), normalization standards (CIM), and parsing techniques (regex, SPL).
Strong scripting or coding skills (e.g. Python, PowerShell, or Bash) for automation and data validation.
Experience working with endpoint and infrastructure devices (e.g. servers, network firewalls, switches, DNS servers, Active Directory Domain Controllers, Intrusion Detection/Prevention Systems (IDS/IPS), business-critical systems).
Familiarity with security operations workflows, including detection, IR, threat hunting, and compliance.
Preferred:
Certification: Cribl Certified Admin or Engineer, and Splunk Certified Admin/Architect/ES Content Manager.
Exposure to data quality tools or frameworks for monitoring and alerting on structured data quality issues.
Working knowledge of MITRE ATT&CK framework and how it maps to data sources and detection logic.
Strong understanding of Linux operating system.
Troubleshooting and resolving application-layer issues and errors.
Understanding of scripting (e.g. Bash shell scripting, Python).
Communication (oral/written); English and French a major plus.
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect, and belonging. Here, you'll reach your full potential because:
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI Partners to thrive. As an equal-opportunity employer, we want you to be able to perform your best during the recruitment process. If you require an accommodation, please inform your recruiter.
To learn more about accessibility at CGI contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our team, one of the largest IT and business consulting services firms in the world.
Full-Time