Job Details
Position: SIEM Administrator / SIEM Platform Administration
Location: Remote
Duration: 6 months
Job Summary: The SIEM Administrator is responsible for the administration, upkeep, and optimization of the Security Information and Event Management (SIEM) platform. The role is key to integrating log sources effectively, developing and fine-tuning detection rules, and aligning security operations with the MITRE ATT&CK framework to strengthen the organization's threat detection and response capabilities. The ideal candidate is detail-oriented, technically proficient, and passionate about improving organizational security.
Key Responsibilities
a) SIEM Platform Administration
o Manage and maintain the Google Chronicle SIEM platform, including system health, performance monitoring, and upgrades.
o Configure and optimize SIEM dashboards, reports, and alerts for operational efficiency.
o Perform regular backups, patch management, and capacity planning to ensure platform reliability.
b) Log Source Integration
o Onboard and integrate diverse log sources (e.g., firewalls, endpoints, cloud platforms, applications) into the SIEM platform.
o Validate log data quality, normalize event formats, and ensure consistent data ingestion.
o Troubleshoot and resolve issues related to log collection and parsing.
c) Rules Creation and Tuning
o Develop, test, and deploy correlation rules and use cases to detect potential security threats.
o Continuously tune existing rules to reduce false positives and improve detection accuracy.
o Collaborate with threat intelligence teams to incorporate emerging threat indicators into SIEM rules.
d) MITRE ATT&CK Framework Alignment
o Map SIEM use cases and detection rules to MITRE ATT&CK tactics and techniques.
o Identify coverage gaps and develop strategies to enhance detection capabilities aligned with MITRE ATT&CK.
o Maintain documentation of MITRE ATT&CK mappings for audits and reporting.
Qualifications
a) Experience
o 5+ years of experience in SIEM administration or a similar cybersecurity role.
o Hands-on experience with SIEM platforms, primarily Google Chronicle.
o Knowledge of Microsoft Sentinel, Splunk, IBM QRadar, Elastic SIEM, or ArcSight is an added advantage.
o Proven experience integrating log sources and developing correlation rules.
o Familiarity with security processes and tools such as enterprise firewalls, network intrusion detection/prevention, virtual private networking, application listing, and data loss prevention.
o Familiarity with the security concepts of log analysis, monitoring, and system/network auditing, or experience working in a security operations center.
o Familiarity with the MITRE ATT&CK framework and its application in threat detection.
b) Technical Skills
o Proficiency in log management, event correlation, and data normalization techniques.
o Knowledge of network protocols, operating systems (Windows/Linux), and cloud environments (AWS, Azure, Google Cloud Platform).
o Scripting skills (e.g., Python, PowerShell, Bash) for automation and custom parsing.
o Query skills (e.g., Microsoft Sentinel KQL, Splunk SPL, IBM QRadar AQL).
o Understanding of threat intelligence feeds and IOC integration.
o Cybersecurity certifications such as CompTIA Security+, CEH, CISSP, or GIAC.
c) Soft Skills
o Strong analytical and problem-solving skills.
o Excellent communication and documentation abilities.
o Ability to work independently and collaborate in a team environment.