Lead Security Information and Event Management (SIEM) Analyst

Lead SIEM Analyst - CrowdStrike , Cribl

Scope :

This role will focus on building, operating, and continuously improving SIEM capabilities that enable proactive threat detection, efficient investigations, and scalable security monitoring across a global, cloud-first enterprise.

What You’ll do:

• Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEM
• Lead onboarding of new log sources, including development of custom parsers, field normalization, and data validation
• Build, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CK
• Create and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirements
• Use CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysis
• Design and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformation
• Develop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflows
• Partner with SOC analysts, cloud teams, and platform owners to ensure high-quality, security-relevant telemetry
• Act as a technical escalation point for SIEM-related investigations and incident response
• Continuously improve detection fidelity, data quality, and SIEM performance
• Support audit and compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) through monitoring, reporting, and evidence generation
• Document SIEM architecture, data flows, detection logic, and operational runbooks

• Security Tech Stack / Tools
• SIEM & Detection
• CrowdStrike NGSIEM (primary)
• Splunk (acceptable alternative where NGSIEM experience is not available)
• Detection engineering, correlation rules, dashboards, and alerting
• Log & Data Engineering
• Cribl (pipelines, routing, enrichment, filtering)
• Custom parser development and log normalization
• Automation & Integration
• Python, PowerShell
• REST APIs, Webhooks
• Automation for SIEM operations and integrations
• Any SOAR Tool Experience

What We’re Looking For

• 5 - 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoring
• Strong hands-on experience with CrowdStrike NGSIEM is required
  • Candidates without NGSIEM experience must demonstrate deep, hands-on SIEM engineering experience using Splunk in enterprise environments
• Proven experience developing custom parsers and onboarding diverse log sources
• Hands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languages
• Strong experience building detection rules, dashboards, and alerting for SOC operations
• Hands-on experience with Cribl for log routing, enrichment, and pipeline optimization
• Experience with automation and API-based integrations
• Solid understanding of security telemetry, log formats, and large-scale log ingestion architectures
• Ability to work effectively in a global, fast-paced environment

Preferred Skills / Nice to Have

• CrowdStrike Certified Security Engineer (CCSE) – strong plus
• Experience supporting SOC or MSSP environments
• Familiarity with compliance-driven monitoring (PCI-DSS, ISO 27001, SOC 2)
• Experience leading SIEM modernization or large-scale onboarding initiatives
• Strong communication skills and ability to collaborate across engineering and security teams

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Experience Level

Senior Level