KST2OG - IB4 - SIEM/SOAR Automation Engineer - L3 Specialist

Capgemini

  • Málaga
  • Permanent
  • Full-time
  • 1 month ago
Get the future you want with Capgemini

Who are we?

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of 300,000 team members in nearly 50 countries. With its strong 50-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms.

We are looking to hire an MS Sentinel SIEM/SOAR Automation Engineer - L3 Specialist to join our team within the CIS Business Unit. Security Engineers implement and maintain SIEM/SOAR platforms to analyze security events, configure alerts for proactive threat detection, and collaborate on adapting configurations. They use SOAR tools to automate incident response, improving the efficiency and effectiveness of cybersecurity operations. A deep understanding of cybersecurity principles and SIEM/SOAR systems is crucial for deploying effective automated solutions and strengthening defenses against cyber threats.

Key responsibilities:
  • Responsible for designing, implementing SIEM/SOAR solutions aligned with cybersecurity strategy. Leads integration, collaborates for seamless deployment, customizes tools, and leverages automation to enhance security posture.
  • SIEM/SOAR Architecting and Implementation: responsible for designing, developing, and implementing SIEM and SOAR solutions. Crafting comprehensive architectural designs that align with the organization's cybersecurity strategy, incorporating advanced features to enhance threat detection and incident response capabilities. Lead the implementation and integration, collaborating with cross-functional teams to ensure seamless deployment. Customizing and optimizing the tools, creating tailored configurations, and leveraging automation to improve overall security posture.
  • Advanced SIEM Configuration: Develop and implement complex configurations within the SIEM system to ensure optimal detection and response capabilities, including correlation rules, filters, and data source integrations.
  • Custom Scripting and Automation: Develop custom scripts or automation workflows to enhance the automation capabilities of the SOAR platform, allowing for more efficient incident response and mitigation.
  • Optimization: Continuously fine-tune and optimize SIEM/SOAR modules to improve their efficacy over time, adapting to changes in the threat landscape and organizational needs.
  • Collaboration with IT and Security Teams: Work closely with IT and other security teams to understand the organization's infrastructure, applications, and network architecture, ensuring effective integration of SIEM/SOAR.
  • Knowledge Sharing and Training: Provide training and guidance to junior team members, sharing expertise in MS Sentinel technology.
  • Policy Development and Compliance: Contribute to the development and enforcement of security policies, ensuring compliance with industry standards and regulations through the effective use of the solution.
Required Skills:
  • Scripting and Programming: Scripting skills in languages such as Python, PowerShell, or Bash to develop custom scripts for automation, integration, and data manipulation.
  • Networking Protocols and Security: Understanding of networking protocols, firewall technologies, intrusion detection/prevention systems, and other network security measures.
  • Operating Systems: Knowledge of various operating systems (Windows, Linux, Unix) and the ability to secure and monitor them effectively.
  • Threat Intelligence Integration: Skill in integrating threat intelligence feeds into SIEM/SOAR platforms to enhance the detection of malicious activities.
  • Database Security: Knowledge of database security principles, including the ability to monitor and secure databases within the SIEM/SOAR context.
  • Cloud Security: Familiarity with cloud computing environments (AWS, Azure, GCP) and expertise in securing cloud-based infrastructure and services.
  • Incident Response Tools: Competent use of incident response tools and frameworks to investigate and respond to security incidents effectively.
  • Security Analytics: Competent with advanced analytics and machine learning techniques within SIEM systems to identify and respond to complex security threats.
  • Log Management: Competent in log management, including the collection, storage, and analysis of logs from various sources to identify security events.
  • Continuous Monitoring: Competence in implementing continuous monitoring solutions, ensuring real-time visibility into the organization's security posture.
Secondary skills (Nice to Have)
  • The candidate is expected to have at least a bachelor's degree in Cybersecurity, Networking, Informatics or a related field.
  • Relevant industry certifications (e.g., CompTIA Security+, CISSP, CEH).
  • CISSP Certification (Certified Information Systems Security Professional).
  • MS Sentinel product certifications (SC-100, SC-200, SC-300, SC-400, SC-900; others are also welcome).
  • High proficiency in Spanish and English.
Long description

Why you should join us:
  • Hybrid work: at least 1 to 2 days in person at our offices in the Technology Park of Málaga.
  • Participate in cutting-edge, innovative technology projects.
  • Career plan and specialized training courses.
  • Competitive salary according to the candidate's profile.
  • Restaurant tickets.
  • Childcare vouchers.
  • Medical and life insurance.
  • Become part of a responsible company committed to equal opportunities.
  • An excellent work environment and a team to work side by side with.
  • Regular team and global events.
  • Steady job: you'll get a permanent contract from the first day onwards.
  • Hybrid working model.

DIVERSITY & INCLUSION AT CAPGEMINI

At Capgemini, we are committed to diversity and inclusion. Diversity is a source of innovation and inspiration. We are committed to professionals, regardless of ethnicity, gender identity, disability, sexual orientation or any other dimension of diversity.

It's time! Come join us, and be part of our growing famil