SIEM Analyst

Description Key Responsibilities Monitor and analyze security event logs from diverse sources (e.g., firewalls, IDS/IPS, endpoint protection tools) to detect potential threats. Investigate and triage security alerts generated by Splunk SIEM, escalating incidents when necessary. Conduct root cause analysis of security incidents and provide actionable remediation recommendations. Integrate and validate log sources into the Splunk environment, ensuring completeness, accuracy, and relevance. Optimize and tune correlation rules, detection use cases, and dashboards to enhance operational effectiveness. Perform regular vulnerability assessments using tools such as Tenable or Rapid7 InsightVM; prioritize and coordinate remediation with IT teams. Conduct proactive threat hunting using SIEM, EDR, and CASB platforms to identify undetected threats. Participate in incident response activities, providing investigative support and analysis as needed. Monitor network traffic and detect anomalies using advanced security tools and analytics. Continuously improve SIEM processes, alert fidelity, and detection coverage. Maintain and update documentation related to log onboarding, detection logic, triage procedures, and cybersecurity standards. Support the development of cybersecurity best practices and contribute to process improvements. Qualifications & Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, or a related field; Master’s degree preferred. Minimum of 5 years’ experience in a Security Operations Center (SOC) or cybersecurity role with hands-on expertise in SIEM platforms (Splunk preferred). Strong knowledge of threat detection, incident response, and vulnerability management processes. Proficiency with log analysis across platforms including Windows, Linux, cloud services (AWS, Azure), and network security devices. Experience with vulnerability scanning tools such as Tenable or Rapid7 InsightVM. Understanding of detection engineering, alert tuning, and security monitoring workflows. Familiarity with cloud security principles and monitoring techniques in hybrid environments. Strong analytical and communication skills with the ability to clearly present findings to technical and non-technical audiences. Collaborative mindset with the ability to work in diverse and global team environments. Self-motivated, inquisitive, and adaptable to rapidly changing security landscapes. Preferred certifications: Splunk Core Certified Power User, CompTIA Security+, GIAC Certified Intrusion Analyst (GCIA), or equivalent. Job Type: Full-time Pay: $40.01 - $70.00 per hour Benefits: • Dental insurance • Health insurance Work Location: In person