SIEM Analyst

Key Facts

Remote From: 
Full time
Mid-level (2-5 years)
English

Other Skills

  • Communication
  • Teamwork
  • Detail Oriented
  • Analytical Thinking

Requirements

  • Bachelor's degree in computer science, telecommunications, cybersecurity, or a related field.
  • At least 3 years of experience in SIEM operations, log analysis, or security monitoring.
  • Hands-on experience collecting and managing logs from multiple sources (endpoints, network devices, servers, cloud services, applications, authentication systems).
  • Experience with Splunk (2+ years) and CrowdStrike (2+ years), including operating and configuring rules and settings.

Roles & Responsibilities

  • Design, implement, and maintain log collection pipelines from security, infrastructure, cloud, and application systems, ensuring proper ingestion and retention in SIEM platforms.
  • Develop dashboards, visualizations, and correlation rules; create alerts to detect threats, anomalies, and security incidents; tune detections to reduce false positives.
  • Proactively hunt for threats through advanced log searches and pattern analysis, and support incident response and forensic investigations (reconstruct attack timelines, identify entry points and lateral movement).
  • Collaborate with SOC Analysts, DevSec, IAM, Threat Hunting, and other security roles; document procedures; manage Jira tickets; and generate reports for technical and management audiences.

Job description

Our mission

We are a cutting-edge e-commerce company developing products for our technological platform. Our creative, smart, dedicated teams pool their knowledge and experience to deliver the best solutions to meet project needs while maintaining sustainable, long-lasting results. How? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative, and respectful culture.

The Role

You will be responsible for collecting, normalizing, analyzing, and exploiting security logs from multiple sources across the organization, ensuring they are ingested into SIEM platforms and used to detect threats, anomalies, and security incidents. You will play a key role in threat detection, incident investigation, and forensic analysis by transforming raw logs into actionable insights through dashboards, alerts, and advanced log analysis.

Key Responsibilities:

  • Design, implement, and maintain log collection pipelines from multiple sources, including security, infrastructure, cloud, and application systems.
  • Ensure logs are ingested, parsed, normalized, and retained correctly across SIEM platforms such as FortiAnalyzer, Splunk, CrowdStrike, and others.
  • Maintain data quality and consistency across all log sources.
  • Design, build, and maintain dashboards and visualizations to provide visibility into security posture, threats, and operational metrics.
  • Create, tune, and maintain correlation rules and alerts based on:
      • Attack patterns
      • Indicators of compromise (IOCs)
      • Behavioral anomalies
      • Custom detection use cases defined by the Information Security Team
  • Continuously analyze logs to identify suspicious, anomalous, or out-of-the-ordinary behavior.
  • Proactively hunt for threats by performing advanced log searches and pattern analysis.
  • Support incident response and forensic investigations by:
      • Searching historical logs
      • Reconstructing attack timelines
      • Identifying entry points, lateral movement, and attacker activity
  • Collaborate with SOC Analysts, Dev Security, IAM, Threat Hunting, and other security roles during incident investigation and response.
  • Validate alerts and detections to reduce false positives and improve detection quality.
  • Ensure all detections, investigations, and findings are properly documented and tracked via tickets (Jira).
  • Document new procedures or update existing ones for log management, detection, and investigation.
  • Ensure documentation is accurate, comprehensive, and delivered on time.
  • Create reports based on SIEM data for operational, technical, and management audiences.
  • Engage in ongoing training and professional development to stay current with emerging threats, attack techniques, and detection strategies.
  • Share knowledge and expertise with the team to foster a culture of security awareness and continuous improvement.

  • Adhere to the organization's policies.
  • Keep your work organized and traceable through tickets (Jira).


Knowledge and skills you need to have

  • Studies in computer science, telecommunications, cybersecurity, or other related academic fields.
  • At least 3 years of work experience in SIEM operations, log analysis, or security monitoring roles.
  • Hands-on experience collecting and managing logs from multiple sources (endpoints, network devices, servers, cloud services, applications, authentication systems, etc.).

  • At least 2 years of experience with Splunk is required (operating and configuring rules and settings).

  • At least 2 years of experience working with CrowdStrike is required.
  • Experience working with other SIEM and log platforms such as FortiAnalyzer, New Relic, ManageEngine AD Audit, Axonius, or similar.
  • Experience creating dashboards, visualizations, and reports based on log data.
  • Experience in defining and tuning alerts and correlation rules.
  • Knowledge of scripting or query languages used in SIEM platforms (e.g., SPL, KQL, SQL-like queries).
  • YARA rules.
  • Regular expressions (regex).
  • Familiarity with security tools generating logs, such as firewalls, EDR, IAM, cloud platforms, and application security tools.
  • Strong analytical mindset with the ability to identify patterns and anomalies in large datasets.
  • Experience supporting incident response and forensic investigations through log analysis.
  • Ability to work independently and as part of the Information Security Team under minimal supervision.
  • Eager to learn and continuously improve detection capabilities.
  • Strong documentation and reporting skills.
  • Technical skills:
      • Solid foundations in networking, operating systems, authentication flows, and cybersecurity.
      • Ability to understand how logs reflect system and user behavior across different platforms.


Additional requirements, not essential but "nice to have":

  • Any cybersecurity certification.
  • Experience with log normalization standards and detection methodologies.
  • Familiarity with MITRE ATT&CK and threat detection frameworks.
  • Experience with threat hunting activities.
  • Familiarity with forensic analysis concepts and incident response workflows.
