Cyber Response Platforms is looking for an experienced (10+ years) cyber‑security professional to join their team as a SIEM lead. Our ideal candidate has hands‑on experience in computer network defense working either in a Security Operations Center or Cyber Incident Response Team.
You will lead a team of technologists and cyber‑security professionals that are dedicated to improving the coverage, quality and automation of cyber‑security detection and response.
Primary Responsibilities
* Supervise and govern the development of analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts
* Develop and fine‑tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats
* Create comprehensive security metrics, reports, dashboards, providing detailed insights into the organization's security posture
* Ensure that the SIEM solution complies with global regulatory standards and industry best practices
* Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team
* Participate in the development of the organization's security strategy and contribute to its execution
* Monitor and support SIEM platforms to ensure security and stability of SOC infrastructure
Additional Leadership Responsibilities
* Provide day‑to‑day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities
* Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability
* Coach team members on technical and professional growth, offering constructive feedback and career development support
* Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement
* Identify and address skill gaps through targeted training, mentoring, and knowledge‑sharing initiatives
* Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness
* Collaborate with cross‑functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows
Skills Required (essential)
* Minimum of 10 years of experience in cyber detection engineering or incident response
* Strong understanding of network security, endpoint detection and computer forensics
* Experience in the creation and management of detection logic in SIEMs (e.g. Elastic Search, Splunk, ArcSight, Microsoft Sentinel)
* Experience with SIEM rule tuning, correlation logic, alert de‑duplication and false‑positive reduction techniques
* Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use‑case development
* Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP)
* Highly experienced with Unix/Linux command‑line tools and shell scripting
* Strong communication, task management and organizational skills
Skills Desired
* Experience developing automations in SOAR (e.g. Palo Alto XSOAR, SumoLogic, Swimlane)
* Experience within the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII)
* Strong hands‑on experience with a query language (e.g. Splunk's SPL, Elastic's EQL, SQL)
* Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark)
* Experience with CI/CD technology (e.g. Jenkins, GitLab CI, GitHub Actions)
* Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS)
* Intermediate experience developing scripts in Python
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.