
SIEM Engineer

Crown Holdings, Inc.
Yardley, PA Full Time
POSTED ON 9/24/2025
AVAILABLE BEFORE 10/23/2025
Job Accountabilities
POSITION/JOB TITLE: Global Security – SIEM Engineer
DEPARTMENT: Global Information Security
DIVISION: Corporate Global
LOCATION: Yardley (US)
HIRING MANAGER: Bistra Lutz
DEPARTMENTAL MANAGER: Anthony Vitello
Document History
Version: v1.0
Date: 5th Sept 2025
Author: Bistra Lutz
Comments: Initial Version
  • Company Overview
Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods. At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11 billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally. Sustaining a leadership position requires us to build a team of highly talented, dedicated, and driven individuals.
  • Department Overview
The Global Information Security Team’s mission is “protect Crown’s global information systems, data and employees from cyber-based security threats while ensuring the confidentiality, integrity and availability of information used by the Crown business units to produce world-class sustainable packaging solutions to our customers”.
You will join a fun, cohesive and collaborative team who love what they do and are committed to creating a safe and secure environment for the Crown family. Our team is nimble and lean, with dynamic backgrounds that foster an environment of continuous learning and growth.
  • Location
This is an office-based position in Yardley PA, and individuals are expected to be in the office daily. Crown offers a flexible work hour schedule.
  • Summary of Position
The SIEM Engineer position is a cornerstone of our security operations, responsible for architecting, building, and mastering our threat detection and response ecosystem within Azure Sentinel. This is a deeply technical, hands-on role for a professional who thrives on managing the entire security data pipeline—from architecting log ingestion from multi-cloud sources to developing sophisticated KQL analytics and automated SOAR playbooks. More than just a platform administrator, this position is empowered to strategically enhance our security posture by creating insightful dashboards, defining the metrics that measure our success, and spearheading the development of our proactive threat hunting program.
Job Requirements
  • Responsibilities
  • SIEM Architecture & Management:
    • Lead the design, deployment, and continuous improvement of our Azure Sentinel environment.
    • Ensure the health, performance, and availability of the SIEM platform, including Log Analytics Workspaces and Azure Data Explorer clusters.
    • Manage data retention, archiving, and cost optimization strategies for security logs.
  • Log Ingestion & Data Management:
    • Develop and manage data connectors to ingest logs from a wide variety of on-premise and multi-cloud (Azure, AWS) sources, including network devices, endpoints, applications, and identity providers.
    • Create and maintain parsing and normalization rules (ASIM) to ensure log data is structured, consistent, and ready for analysis.
    • Troubleshoot issues with log sources, data connectors, and parsing functions.
  • Detection, Automation, & Metrics:
    • Develop, test, and tune high-fidelity analytics rules in KQL to detect emerging threats, mapping detections to frameworks like MITRE ATT&CK.
    • Build and maintain Azure Logic Apps (SOAR playbooks) to automate incident enrichment, notification, and response actions.
    • Design and develop interactive Azure Workbooks (dashboards) to provide real-time visibility for the Security Operations Center (SOC).
    • Create and track key incident response metrics, such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), to measure program effectiveness.
    • Participate in incident response exercises, tabletop simulations, and other security-related drills.
  • Threat Hunting Practice Development:
    • Establish and lead a proactive threat hunting program within the SIEM.
    • Formulate hypotheses based on threat intelligence and an understanding of our environment.
    • Utilize advanced KQL queries and big data analytics to hunt for indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that evade traditional detections.
    • Translate successful threat hunts into new, automated detection rules.
  • Job Requirements
We are seeking a highly skilled and motivated SIEM Engineer to architect, implement, and optimize our threat detection and response capabilities within Microsoft Azure Sentinel. This role is central to our security operations and requires a deep technical understanding of SIEM technology, log data management, and security automation.
Education & Certifications
  • Bachelor’s degree in Information Systems, Computer Science, or equivalent experience
  • Preferred security certifications: Relevant industry certifications (e.g., Microsoft SC-200, AZ-500, CISSP, GCIH).
Technical Expertise
  • Relevant industry certifications (e.g., Microsoft SC-200, AZ-500, CISSP, GCIH).
  • Experience in building a threat hunting practice from the ground up.
  • Strong data visualization skills and experience creating meaningful dashboards and reports for both technical and executive audiences.
  • Knowledge of infrastructure-as-code (IaC) for deploying and managing Azure resources (e.g., Bicep, ARM templates).
  • Experience in a hybrid environment with both on-premise and multi-cloud infrastructure.
Core Competencies
  • Excellent communication skills, translating technical concepts for all audiences
  • Leadership in performance management, issue resolution, negotiation, and team motivation
  • Experience collaborating with diverse teams across multiple countries and cultures
  • Advanced problem-solving and troubleshooting skills
  • Quality driven with exceptional attention to detail
  • Strong organizational and prioritization skills
