Must Have Technical/Functional Skills
• SIEM/SOAR Platform Expertise: Deep knowledge and hands-on experience with Security Information and
• Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
• Security Telemetry Management: Proficiency in managing the ingestion, normalization, and quality validation of security logs and telemetry from diverse sources.
• Detection Engineering: Ability to develop, configure, tune, and manage detection content (e.g., rules, use cases) to enhance threat detection capabilities.
• Query Language Proficiency: Expertise in using various query languages (e.g., SQL, Splunk SPL, Elastic DSL) to analyze security data and troubleshoot issues.
• Logging Compliance & Attestation: Strong understanding of logging requirements for various compliance frameworks (e.g., SEC attestation, industry standards) and ability to assist clients in meeting them.
• Operational Documentation: Skilled in creating and maintaining detailed operational runbooks, Standard
• Operating Procedures (SOPs), and technical documentation.
• Cross-Functional Technical Coordination: Ability to effectively coordinate and collaborate with engineering, product, SOC, and platform teams on technical initiatives.
• Problem Solving & Troubleshooting: Advanced analytical and problem-solving skills to diagnose and resolve complex technical issues related to security platforms and data.
• SLA/SLO Technical Monitoring: Capability to define, monitor, and report on technical service level performance metrics (e.g., detection coverage, response timelines).
• Acquisition Integration (Technical): Experience in technically integrating security services and platforms for newly acquired entities.
• Proficiency in leveraging Artificial Intelligence (AI) to drive innovation and efficiency within technical domains.
Roles & Responsibilities
• Oversee the operational lifecycle for security telemetry ingestion, use case enablement, and platform availability.
• Manage stability and performance of SIEM/SOAR pipelines.
• Own service-level performance metrics: detection coverage, response timelines, workflow health.
• Execute configuration, tuning, content management, and continuous quality improvement.
• Coordinate cross-functional engineering, product, SOC, platform teams, and compliance groups.
• Use various data sources to confirm that required logs are being provided. Assist clients in troubleshooting and improving security logging compliance.
• Proficient in using various query languages (sql and application specific queries) to answer business questions.
• Determine if clients are meeting minimum logging requirements and SEC attestation thresholds