Security Architect/SIEM Architect Rijswijk, Netherlands or Remote

Responsibilities

• Lead the design, deployment and configuration of SIEM solutions, ensuring seamless integration with various security tools, systems and log sources
• Plan and execute SIEM migration projects, including data transfer, log source integration, rule/alert migration and configuration tuning
• Develop, customise and fine-tune SIEM use cases, correlation rules, dashboards and reports to effectively detect threats and suspicious activities
• Integrate diverse log sources such as firewalls, IDS/IPS, antivirus, cloud services, applications and operating systems into the SIEM for comprehensive monitoring
• Collaborate with the SOC (Security Operations Center) team to support further use case creation and finetuning following SOC team requirements
• Regularly review and optimize SIEM performance to ensure efficient log collection, storage, processing and alerting
• Maintain comprehensive documentation for SIEM configurations, integrations client and migration processes, providing regular reports on SIEM performance
• Train and mentor junior security engineers and SOC analysts on SIEM use, best practices and troubleshooting
• Work closely with IT, security and network teams to ensure the SIEM platform aligns with security strategies and goals

Requirements

• At least 10 years of experience in Cyber Security. Most of which specialized in engineering SIEM solutions and working in a SOC
• Bachelor’s degree in computer science, Information Security or a related field (or equivalent experience)
• Expertise in SIEM engineering and architecture, with a focus on at least Splunk or any other leading SIEM solutions like QRadar, ArcSight, LogRythm and Azure Sentinel among others
• Experience in managing the full delivery lifecycle for SIEM enhancements and automation including working on converged SIEM solutions that include SOAR and XDR solutions within it
• Proficiency in integrating log sources and developing correlation rules, alerts and dashboards
• Experience working in cloud environments (AWS, Azure, GCP) and integrating cloud logs into SIEM solutions
• Understanding security frameworks (MITRE ATT&CK, NIST, ISO 27001) and regulatory compliance (GDPR, PCI-DSS)
• Knowledge of network protocols, firewalls, IDS/IPS, endpoint security and threat intelligence
• Ability to understand the client’s needs, their specific security challenges and the regulatory landscape to provide tailored solutions
• Ability to manage stakeholders at various levels, from technical staff to senior executives and effectively communicate complex technical concepts to clients. To work effectively with teams from different departments within large organizations and enterprises

Nice to have

• Proven experience with multiple SIEM solutions
• Hands-on experience with SIEM migration projects, including planning, execution and troubleshooting
• Familiarity with scripting languages (Python, PowerShell, Bash) for automation and data parsing
• SIEM-specific certifications such as Splunk Certified Architect, IBM QRadar Certification or ArcSight Certified Security Analyst
• Security certifications such as CISSP, CEH, CompTIA CASP+ or GIAC are an advantage

We offer

• 26 paid holiday days
• Pension plan scheme
• EPAM Employee Stock Purchase Plan (ESPP)
• Commuting to work - costs reimbursement
• Laptop + corporate simcard + corporate mobile device (subject to certain eligibility requirements)
• Employee Assistance Program
• Corporate Programs including Employee Referral Program with rewards
• Learning and development opportunities including in-house training and coaching, professional certifications, over 22,000 courses on LinkedIn Learning Solutions and much more
• *All benefits and perks are subject to certain eligibility requirements