SIEM Administrator – Cybersecurity

The SIEM Administrator is responsible for implementing, maintaining, and optimizing the Security Information and Event Management (SIEM) platform to ensure continuous monitoring, threat detection, and incident response across the organization's IT environment. This role involves managing SIEM configurations, integrating various log sources, developing correlation rules, and ensuring data integrity and performance. The SIEM Administrator works closely with SOC analysts, system administrators, and cybersecurity teams to enhance the organization's overall security posture.

Key Responsibilities:

• SIEM Platform Management:
• Install, configure, and maintain SIEM tools (e.g., Splunk, IBM QRadar, ArcSight, Sentinel, LogRhythm).
• 3 years' experience on Microsoft Sentinel and app logic.
• Manage system health, performance tuning, and upgrades to ensure optimal operation.
• Integrate diverse log sources from servers, firewalls, applications, cloud services, and endpoints.
• Log Management and Correlation:
• Define and implement log collection policies and normalization standards.
• Develop and fine-tune correlation rules, alerts, and dashboards to detect potential threats and anomalies.
• Validate and troubleshoot log ingestion issues to ensure complete visibility across systems.
• Security Operations Support:
• Collaborate with SOC teams to improve incident detection, analysis, and response processes.
• Support incident investigations by providing detailed log analysis and event correlation.
• Maintain incident response playbooks and automate repetitive detection tasks where possible.
• Compliance and Reporting:
• Ensure SIEM logging and monitoring align with compliance frameworks (ISO 27001, NIST, GDPR, etc.).
• Generate regular reports and dashboards for management and audit purposes.
• Document configurations, procedures, and change logs for audit readiness.
• Continuous Improvement:
• Research emerging threats and update SIEM detection content accordingly.
• Evaluate and recommend enhancements to SIEM architecture and data sources.
• Conduct periodic health checks and capacity planning for the SIEM environment.

Qualifications and Skills:

• Education:
• Bachelor's degree in computer science, Information Security, or a related field.
• Master's degree or relevant certifications preferred.
• Certifications (Preferred):
• SIEM-specific certifications (e.g., Splunk Certified Administrator, QRadar Certified, Microsoft Sentinel).
• Security certifications such as CompTIA Security+, CEH, CISSP, or GIAC.
• Technical Skills:
• Strong knowledge of log management, event correlation, and network protocols.
• Hands-on experience with SIEM tools (Splunk, QRadar, ArcSight, Sentinel, etc.).
• Familiarity with firewalls, IDS/IPS, endpoint protection, and threat intelligence platforms.
• Scripting knowledge (Python, PowerShell, or Bash) for automation and integration.
• Experience with cloud environments (AWS, Azure, GCP) and their native security logging tools.
• Soft Skills:
• Strong analytical and problem-solving abilities.
• Excellent communication and documentation skills.
• Ability to work under pressure in a fast-paced security operations environment.
• Attention to detail and commitment to maintaining system integrity and confidentiality.

Experience Required:

• 3–5 years of experience in cybersecurity, with at least 2 years focusing on SIEM administration or engineering.

Experience working in a SOC or enterprise security environment is highly desirable.

Job Type: Full-time

Pay: QAR14, QAR16,000.00 per month

Education:

• Bachelor's (Required)

Experience:

• 3 years' experience on Microsoft Sentinel and app logic: 3 years (Required)
• focusing on SIEM administration or engineering: 2 years (Required)
• cybersecurity: 3 years (Required)

Language:

• Arabic (Required)
• English (Required)

License/Certification:

• degree in computer science, Information Security (Required)