Remote SOAR Consultant

• Collaborate with the technical lead to develop a log ingestion strategy
• Contribute to the detection strategy based on industry best practices
• Document a detailed step-by-step process for ingesting high-quality log sources
• Monitor and optimize log sources for maximum efficiency
• Create high-quality correlation rules to enhance threat detection
• Tune log sources and correlation rules for optimal performance
• Serve as a Subject Matter Expert (SME) for SIEM, correlation, and log source ingestion
• Identify opportunities for automation to improve analyst alert handling
• Work closely with internal and external teams to ensure product adoption
• Create technical documentation detailing SIEM aspects of the engagement

• 6+ years of experience in deploying and integrating SIEM solutions in enterprise to large enterprise-level environments
• Experience with Security Operation Centers tooling and processes
• Experience in coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM platforms
• Ability to create and develop correlation and detection rules within a SIEM to support alerting capabilities
• Experience with a variety of SIEM technologies such as Splunk, IBM QRadar, etc.
• Proven ability to suggest detection strategies based on customer requirements
• Strong skills in Regular Expressions
• Ability to understand logs and locate/understand third-party documentation when necessary
• Familiarity with reports on the status of the SIEM, including metrics such as the number of logging sources, log collection rate, and other performance metrics
• Relevant bachelor's degree or industry-recognized qualifications (CISSP, GIAC, SIEM Vendor Qualification, etc.)

Knowledge of Security Analysis & Response, including endpoint, network, and cloud-based environments, is a plus

• Healthcare
• Dental
• Vision
• PTO
• Holiday
• Medical
• Dental
• Vision
• 401K
• PTO
• Sick Leave
• Paid Holidays