Protera·2 months ago
Job Title: Senior Cyber Security Engineer
Shift Timing: Rotational
Work mode: Remote, India
Role Overview:
We are looking for a highly technical Senior SIEM Engineer with 10+ years of experience and deep expertise in enterprise-scale SIEM architecture, data ingestion engineering, detection design, and platform maintenance. The ideal candidate will have strong hands-on experience in building SIEM solutions from the ground up, optimizing ingestion pipelines, designing advanced correlation logic, and ensuring the SIEM platform remains stable, scalable, and high-performing.
Core Responsibilities:
1. SIEM Architecture & Design
· Architect and design scalable SIEM environments (clustered deployments, distributed search heads, indexers, data nodes, collectors, agents, pipelines).
· Define ingestion architecture including syslog tiers, forwarders, collectors, connectors, event hubs, and cloud-native logging services.
· Design data schemas, field mapping, normalization, and taxonomy aligned to MITRE, ECS, CIM, or custom models.
· Develop onboarding standards, ingestion frameworks, and parsing templates for structured and unstructured logs.
· Define retention strategies, storage planning, index design, tiered storage, and hot/warm/cold architecture.
2. SIEM Implementation & Integration
· Build and deploy SIEM components: forwarders, connectors, heavy forwarders, Logstash/filter nodes, agents, custom ingestion scripts.
· Configure ingestion for Windows, Linux, firewalls, endpoints, cloud workloads, applications, containers, and APIs.
· Create and maintain parsing rules (regex, KQL parsers, field extraction, custom source types).
· Implement identity, network, cloud, and application log sources with full end-to-end validation.
· Integrate threat intelligence feeds, enrichments, lookup tables, and contextual metadata.
3. SIEM Detection Engineering
· Develop advanced correlation rules and use cases (statistical, behavioural, sequence-based, threshold-based, machine-learning-driven).
· Map detections to MITRE ATT&CK and create automated enrichment workflows.
· Conduct rule tuning, false-positive reduction, threshold optimization, and noise suppression.
· Build dashboards, reports, alerting frameworks, and threat models customized for the environment.
4. SIEM Operations & Maintenance
· Maintain SIEM platform health through upgrades, patching, load balancing, and cluster management.
· Perform ingestion troubleshooting, parsing fixes, queue-depth monitoring, and pipeline optimization.
· Conduct capacity planning, storage forecasting, index optimization, and performance tuning.
· Implement RBAC, multi-tenant configurations, ingestion quotas, and compliance-driven logging controls.
· Build automation for maintenance tasks using Python, PowerShell, Bash, or APIs.