SIEM Administrator

Deerfield, WI - USA

Monthly Salary: Not Disclosed

Posted on: 14 hours ago

Vacancies: 1 Vacancy

Job Summary

Role Summary

The SIEM Administrator will design configure and manage the enterprise SIEM platform with a strong focus on integrating and operationalizing CrowdStrike Falcon telemetry. The role ensures effective log ingestion high quality detections and smooth collaboration with SOC and IR teams to strengthen monitoring and response capabilities.

Key Responsibilities

SIEM Administration

Deploy manage and optimize SIEM platforms (Splunk / QRadar / Sentinel / Elastic).
Build and maintain data ingestion pipelines field extractions correlation rules dashboards and RBAC.
Conduct health monitoring upgrades patching and performance tuning for SIEM infrastructure.
Ensure retention policies storage lifecycle and configurations meet security and compliance needs.

CrowdStrike Falcon Engineering

Integrate Falcon (FDR/Event Streams/API) telemetry into the SIEM.
Normalize enrich and map Falcon events to MITRE ATT&CK.
Develop detections dashboards and endpoint security reports.
Ensure full sensor coverage log completeness and detection quality.

Detection Engineering & Tuning

Write and tune correlation rules for endpoint identity network and cloud threats.
Reduce false positives and improve alert fidelity through tuning and contextual enrichment.
Maintain detection documentation and lifecycle (dev test prod).

Automation & Integration

Integrate SIEM with SOAR for automated enrichment and response workflows.
Build automation for IOC lookups ticketing host isolation and log queries.
Ensure reliable execution and governance for all automated tasks.

Logging Coverage & Governance

Define logging standards and ensure onboarding of critical log sources across IT cloud and security tools.
Troubleshoot ingestion failures and maintain high data quality.
Maintain runbooks technical documentation and compliance ready configurations.

Cross Team Collaboration

Work closely with SOC IR Endpoint Network and Cloud teams on improving detection and response processes.
Provide SME support during incidents investigations and RCA discussions.

Required Skills

Technical

5 8 years of SIEM engineering/administration experience.
Strong hands on expertise integrating CrowdStrike Falcon with SIEM platforms.
Experience with log parsing regex JSON APIs and MITRE ATT&CK mapping.
Knowledge of endpoint network identity and cloud logs (AWS/Azure/GCP).
Scripting (Python PowerShell Bash) for automation and enrichment.

Security Operations

Experience supporting SOC and IR functions.
Strong understanding of detection logic alert triage attacker TTPs and investigation workflows.

Professional

Strong communication and documentation skills.
Ability to work in high pressure incident scenarios.
Strong analytical and troubleshooting capabilities.

Preferred

Experience with SOAR tools.
Exposure to cloud logging and SIEM automation frameworks.
Certifications such as Splunk Admin/Power User SC 200 CrowdStrike CCFA/CCFR CySA GCIH

Role Summary The SIEM Administrator will design configure and manage the enterprise SIEM platform with a strong focus on integrating and operationalizing CrowdStrike Falcon telemetry. The role ensures effective log ingestion high quality detections and smooth collaboration with SOC and IR teams...