SIEM Administrator

Role Summary

The SIEM Administrator will design, configure, and manage the enterprise SIEM platform with a strong focus on integrating and operationalizing CrowdStrike Falcon telemetry. The role ensures effective log ingestion, high quality detections, and smooth collaboration with SOC and IR teams to strengthen monitoring and response capabilities.

Key Responsibilities

SIEM Administration

• Deploy, manage, and optimize SIEM platforms (Splunk / QRadar / Sentinel / Elastic).
• Build and maintain data ingestion pipelines, field extractions, correlation rules, dashboards, and RBAC.
• Conduct health monitoring, upgrades, patching, and performance tuning for SIEM infrastructure.
• Ensure retention policies, storage lifecycle, and configurations meet security and compliance needs.

CrowdStrike Falcon Engineering

• Integrate Falcon (FDR/Event Streams/API) telemetry into the SIEM.
• Normalize, enrich, and map Falcon events to MITRE ATT&CK.
• Develop detections, dashboards, and endpoint security reports.
• Ensure full sensor coverage, log completeness, and detection quality.

Detection Engineering & Tuning

• Write and tune correlation rules for endpoint, identity, network, and cloud threats.
• Reduce false positives and improve alert fidelity through tuning and contextual enrichment.
• Maintain detection documentation and lifecycle (dev test prod).

Automation & Integration

• Integrate SIEM with SOAR for automated enrichment and response workflows.
• Build automation for IOC lookups, ticketing, host isolation, and log queries.
• Ensure reliable execution and governance for all automated tasks.

Logging, Coverage & Governance

• Define logging standards and ensure onboarding of critical log sources across IT, cloud, and security tools.
• Troubleshoot ingestion failures and maintain high data quality.
• Maintain runbooks, technical documentation, and compliance ready configurations.

Cross Team Collaboration

• Work closely with SOC, IR, Endpoint, Network, and Cloud teams on improving detection and response processes.
• Provide SME support during incidents, investigations, and RCA discussions.

Required Skills

Technical

• 5 8 years of SIEM engineering/administration experience.
• Strong hands on expertise integrating CrowdStrike Falcon with SIEM platforms.
• Experience with log parsing, regex, JSON, APIs, and MITRE ATT&CK mapping.
• Knowledge of endpoint, network, identity, and cloud logs (AWS/Azure/GCP).
• Scripting (Python, PowerShell, Bash) for automation and enrichment.

Security Operations

• Experience supporting SOC and IR functions.
• Strong understanding of detection logic, alert triage, attacker TTPs, and investigation workflows.

Professional

• Strong communication and documentation skills.
• Ability to work in high pressure incident scenarios.
• Strong analytical and troubleshooting capabilities.

Preferred

• Experience with SOAR tools.
• Exposure to cloud logging and SIEM automation frameworks.
• Certifications such as Splunk Admin/Power User, SC 200, CrowdStrike CCFA/CCFR, CySA , GCIH