Senior Security Intelligence Specialist

Job Summary:

We are seeking an experienced Senior SIEM Implementer to lead and support the design, deployment, configuration, and optimization of SIEM platforms, with a strong focus on Splunk, IBM QRadar, and ArcSight. The ideal candidate will have a deep understanding of security information and event management (SIEM) systems and proven hands-on experience implementing use cases, log onboarding, parsing, custom rules, and system integration across enterprise environments.

Key Responsibilities:

  • Lead end-to-end implementation and deployment of SIEM platforms: Splunk, QRadar, and ArcSight.
  • Collect and onboard logs from diverse data sources (firewalls, IDS/IPS, servers, applications, cloud platforms).
  • Design and configure parsing rules, custom fields, and normalization/mapping for different log formats.
  • Develop and tune correlation rules, alerts, dashboards, and reports aligned with organizational security requirements.
  • Integrate threat intelligence feeds and support detection content (e.g., Sigma rules, STIX/TAXII).
  • Perform data validation, troubleshooting, and tuning to improve SIEM performance and reduce false positives.
  • Collaborate with security analysts, incident response teams, and IT departments to align SIEM use cases with business needs.
  • Create and maintain documentation for configurations, implementation guides, and change records.
  • Conduct workshops and training for internal stakeholders on SIEM usage and best practices.
  • Support system upgrades, migrations, and patches in coordination with vendors and internal teams.
  • Ensure compliance with industry regulations and internal security policies (ISO 27001, NIST, GDPR, etc.).

Required Qualifications:

  • 3+ years of experience implementing and managing SIEM solutions in enterprise environments.
  • Strong, hands-on expertise with Splunk (Enterprise Security), IBM QRadar, and Micro Focus ArcSight (ESM).
  • Threat hunting and use case development.
  • Integration of SIEM with on-premises and cloud data sources.
  • Proficiency in log parsing, regex, custom properties/fields, and event categorization.
  • Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and integration.
  • Good understanding of security frameworks and standards (MITRE ATT&CK, NIST, CIS).
  • Familiarity with enterprise IT and security infrastructure (firewalls, proxies, endpoints, cloud platforms).
  • Excellent analytical and troubleshooting skills.
  • Strong documentation and communication skills.

Preferred Certifications:

  • Splunk Power User Certified
  • IBM QRadar Administration Certified

Additional Skills (Nice to Have):

  • Knowledge of SOAR platforms and integrations.
  • Familiarity with cloud-native SIEMs (Azure Sentinel, Google Chronicle, etc.).
  • Experience with rule creation using Sigma or YARA.