
SIEM Sentinel Engineer
Qualifications & Requirements
Experience Level: Senior Level
Full Job Description
Key Responsibilities
The SIEM Sentinel Engineer will be responsible for designing, developing, and implementing impactful SIEM use cases specifically tailored for Operational Technology (OT) environments. This includes onboarding data from diverse sources, developing custom parsers for unsupported sources, and verifying log source data against the Common Information Model (CIM). Expertise in data parsing and masking prior to SIEM ingestion is essential. The role involves providing comprehensive support for data collection, processing, analysis, and operational reporting systems, encompassing planning, installation, configuration, testing, troubleshooting, and problem resolution.
The engineer will assist clients in optimizing SIEM system capabilities, including audit and logging features of event log sources, and provide technical guidance for configuring end log sources for SIEM integration. Creating advanced visualizations and dashboards for near real-time visibility into OT applications is a key task. Operational support for globally deployed OT network monitoring solutions such as Nozomi, Claroty, and Armis is also required. Proficiency in programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, and PowerShell is necessary.
Consultative experience during testing, evaluation, pilot, production, and training phases to ensure successful deployment is crucial. The role demands understanding customer requirements, recommending best practices for SIEM solutions, and offering consultative advice on security principles related to SIEM operations. The engineer will design and document SIEM solutions to meet client needs, with expertise in SIEM content development, including automated security event monitoring, alerting, and corresponding event response plans. Experience in creating use cases aligned with the Cyber Kill Chain and the MITRE ATT&CK framework is expected. Strong knowledge of alert and report configuration, and the ability to create, modify, and tune SIEM rules to meet client requirements, are vital. Collaboration with client stakeholders on correlation rule tuning, incident classification, and prioritization recommendations is also a core part of the role.
Qualifications and Experience
A minimum of 8 years of overall cybersecurity experience is required, with at least 4 years specifically in OT/IoT Security solutions. Strong knowledge of IT/OT/IoT communication protocols and experience supporting industrial protocols are essential. Excellent oral, written, and listening skills are paramount for effective consulting. A strong background in network administration and the ability to work at all layers of the OSI model are necessary. Knowledge of Vulnerability Management, Windows and Linux basics (including installations, domains, trusts, GPOs, server roles, security policies, user administration, Linux security, and troubleshooting) is required.
Experience with the design and implementation of Splunk, focusing on IT Operations, Application Analytics, User Experience, Application Performance, and Security Management is highly desirable. Experience with multi-cluster deployments and management according to vendor guidelines and industry best practices is also beneficial. The ability to troubleshoot Splunk platform and application issues, escalate, and work with Splunk support is important.
Certification in a SIEM solution such as Splunk, IBM QRadar, Exabeam, or Securonix is an added advantage. Certifications in a core security-related discipline are also a plus.
Company
EY
Ernst & Young (EY) is a global leader in assurance, tax, transaction and advisory services. We are passionate about helping our clients succeed. We are committed to building a better working world – a...