You are the kind of engineer who finds satisfaction in making sure the right security data is in the right place at the right time, every time. You see SIEM not as a checkbox, but as a living platform that keeps evolving, provided you can spot the gaps, close them, and keep the signal clean.
You've spent real time in Elastic, not just reading the docs, but getting your hands dirty onboarding logs, tuning parsers, and troubleshooting pipelines that suddenly stopped behaving at 2 a.m. You know that the value of a detection rule is in the threats it actually finds, not the ones it should find in theory. You like collaborating with other security folks, but you're also comfortable working on your own stretch of the platform, taking a project from “here's the ask” to “here's the dashboard.” You are clear and direct in your documentation because you know someone will need to pick up your work at 3 a.m. You want to build things that last, and you want your work to move the needle on real-world security.
Your responsibilities will include:
- Implementing, administering, and maintaining Elastic SIEM platform components, following existing architectures and standards
- Onboarding new log sources using syslog, Elastic Agent, Logstash, Filebeat, and APIs, and validating data quality and coverage
- Developing and maintaining parsers, enrichments, and normalization pipelines in line with Elastic Common Schema (ECS)
- Working with application owners to define logging requirements and enforce data quality standards
- Building and maintaining SIEM correlation rules, dashboards, and reports that drive threat detection and investigation
- Monitoring SIEM data flow, ingestion health, and data growth, and identifying and escalating issues as needed
- Tuning detections and dashboards with CSIRT and SecOps to reduce noise and improve actionable alerts
- Producing clear, accurate documentation for parsers, detections, and operational procedures
In this role you will:
- Increase visibility into security events across Synopsys by improving log onboarding and data normalization
- Enable faster, more accurate threat detection through robust rules and actionable dashboards
- Boost platform reliability and operational efficiency with stable ingestion and standardized pipelines
- Empower incident response teams to investigate with confidence using consistent, well-structured data
- Strengthen partnerships between security engineering and operations by delivering reliable SIEM outputs
- Help Synopsys meet compliance and audit needs with reliable data archiving and recovery support