SIEM/SOAR Engineer

Job Description Job Description BreakPoint Labs is seeking a SIEM/SOAR Engineer to manage and maintain the CSSP’s Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. This role is responsible for administering an enterprise Elastic cluster while ensuring the performance, availability, and security of these critical systems. The engineer will leverage strong communication, analytical, and problem-solving skills to identify, communicate, and resolve issues, ultimately maximizing the effectiveness and value of CSSP security system investments. Responsibilities include: Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk). Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP. Monitor and analyze security events and incidents to protect information assets. Assist in the develop and maintain use cases, rules, and alerts for threat detection and response. Integrate SIEM and SOAR systems with other security tools and data sources. Automate security operations workflows and incident response procedures using SOAR platforms. Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems. Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions. Implement and manage data ingestion pipelines for security event data. Perform regular updates, patches, and upgrades for SIEM and SOAR systems. Create and maintain documentation for system configurations, processes, and standard operating procedures. Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities. Provide guidance and support to operations analysts on the use of SIEM and SOAR tools. Stay updated with the latest trends, tools, and best practices in SIEM and SOAR technologies. Conduct research and recommend improvements to enhance the effectiveness of the SIEM and SOAR solutions. Required Experience: Minimum of 3 years of experience in maintaining an enterprise Elastic cluster. Proficiency in managing and maintaining SIEM and SOAR solutions. Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations. Understanding of security event and incident management processes. Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration. Experience with threat detection and response methodologies. Extensive experience with Linux Administration of RHEL Operating Systems. Strong experience with networking protocols, solutions, and methodologies. Excellent troubleshooting and problem-solving skills. Strong documentation skills. Strong communication and interpersonal skills. Ability to work in a team-oriented, collaborative environment. Ability to prioritize and execute tasks in a high-pressure environment. Available for on-call after-hours rotational support as needed. Certifications Required: DoD 8570 IAT Level II and DoD 8140 CSSP Auditor compliant Security Clearance Required: Secret Education required: Bachelor’s Degree Company Description BreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency, BreakPoint Labs is developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, BreakPoint Labs supports a diverse customer base in addressing its most challenging problems in cyberspace. BreakPoint Labs is constantly seeking enthusiastic cybersecurity professionals, either to exchange technical ideas and lessons learned or to potentially join the BreakPoint Labs Team. Through an established corporate culture, BreakPoint Labs embraces a highly technical, [geeky] workforce passionate about developing and leveraging technology to secure cyberspace. Company Description BreakPoint Labs, a small business cybersecurity services firm, is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency, BreakPoint Labs is developing and leveraging technology to enable a more secure cyberspace. With well-formed service delivery models in cybersecurity assessments, defensive cyber operations, research and development, and cybersecurity training, BreakPoint Labs supports a diverse customer base in addressing its most challenging problems in cyberspace.\r\n\r\nBreakPoint Labs is constantly seeking enthusiastic cybersecurity professionals, either to exchange technical ideas and lessons learned or to potentially join the BreakPoint Labs Team. Through an established corporate culture, BreakPoint Labs embraces a highly technical, [geeky] workforce passionate about developing and leveraging technology to secure cyberspace.