SIEM Administrator
Job
Recutify Inc.
Deerfield, IL (In Person)
Full-Time
Job Description
Role Summary
The SIEM Administrator will design, configure, and manage the enterprise SIEM platform, with a strong focus on integrating and operationalizing CrowdStrike Falcon telemetry. The role ensures effective log ingestion, high-quality detections, and smooth collaboration with SOC and IR teams to strengthen monitoring and response capabilities.

Key Responsibilities

SIEM Administration
Deploy, manage, and optimize SIEM platforms (Splunk / QRadar / Sentinel / Elastic).
Build and maintain data ingestion pipelines, field extractions, correlation rules, dashboards, and RBAC.
Conduct health monitoring, upgrades, patching, and performance tuning for SIEM infrastructure.
Ensure retention policies, storage lifecycle, and configurations meet security and compliance needs.

CrowdStrike Falcon Engineering
Integrate Falcon (FDR / Event Streams / API) telemetry into the SIEM.
Normalize, enrich, and map Falcon events to MITRE ATT&CK.
Develop detections, dashboards, and endpoint security reports.
Ensure full sensor coverage, log completeness, and detection quality.

Detection Engineering & Tuning
Write and tune correlation rules for endpoint, identity, network, and cloud threats.
Reduce false positives and improve alert fidelity through tuning and contextual enrichment.
Maintain detection documentation and the detection lifecycle (dev, test, prod).

Automation & Integration
Integrate the SIEM with SOAR for automated enrichment and response workflows.
Build automation for IOC lookups, ticketing, host isolation, and log queries.
Ensure reliable execution and governance for all automated tasks.

Logging, Coverage & Governance
Define logging standards and ensure onboarding of critical log sources across IT, cloud, and security tools.
Troubleshoot ingestion failures and maintain high data quality.
Maintain runbooks, technical documentation, and compliance-ready configurations.

Cross-Team Collaboration
Work closely with SOC, IR, Endpoint, Network, and Cloud teams to improve detection and response processes.
Provide SME support during incidents, investigations, and RCA discussions.

Required Skills

Technical
5-8 years of SIEM engineering/administration experience.
Strong hands-on expertise integrating CrowdStrike Falcon with SIEM platforms.
Experience with log parsing, regex, JSON, APIs, and MITRE ATT&CK mapping.
Knowledge of endpoint, network, identity, and cloud logs (AWS/Azure/GCP).
Scripting (Python, PowerShell, Bash) for automation and enrichment.

Security Operations
Experience supporting SOC and IR functions.
Strong understanding of detection logic, alert triage, attacker TTPs, and investigation workflows.

Professional
Strong communication and documentation skills.
Ability to work in high-pressure incident scenarios.
Strong analytical and troubleshooting capabilities.

Preferred
Experience with SOAR tools.
Exposure to cloud logging and SIEM automation frameworks.
Certifications such as Splunk Admin/Power User, SC-200, CrowdStrike CCFA/CCFR, CySA+, GCIH.