Tier 3 Security Analyst

Client: AI | Published: 23.03.2026

### Senior SOC / SIEM Engineer (Freelance)

We are looking for an experienced Tier 3 Security Analyst / SIEM Engineer to support and enhance our security operations capabilities.

---

### Mission

You will contribute to strengthening detection and response capabilities by improving SIEM use cases, developing automation, and enhancing incident response processes.

---

### Responsibilities

**SIEM Engineering**

* Configure, manage, and optimize SIEM platforms (Splunk, Sentinel, QRadar, Defender, Chronicle)
* Onboard and normalize log sources across cloud and on-prem environments
* Develop and maintain detection rules (use cases, anomaly detection, behavioral analytics)

**Automation and Playbooks**

* Design and implement incident response playbooks (phishing, lateral movement, data exfiltration, etc.)
* Automate workflows using SOAR tools (Logic Apps, XSOAR or similar)
* Continuously improve playbooks based on incidents and threat intelligence

**Threat Detection and Response**

* Monitor and analyse alerts to identify potential threats
* Perform investigations and support incident response activities
* Improve detection logic using threat intelligence

**Threat Modelling and Detection Engineering**

* Use frameworks such as MITRE ATT&CK to design detection strategies
* Translate threats into actionable SIEM use cases
* Prioritize detection efforts based on risk and business impact

**Reporting and Collaboration**

* Create dashboards and reports on security posture and incidents
* Collaborate with IT, DevOps, and security teams
* Maintain documentation (playbooks, procedures, incident reports)

---

### Required Skills

**SIEM and Tools**

Hands-on experience with at least two of the following:

* Splunk
* Microsoft Sentinel or Defender
* IBM QRadar
* Google Chronicle

**Technical Skills**

* Experience with SIEM query languages (KQL, SPL, AQL)
* Strong understanding of log formats, parsing, and normalization
* Scripting skills (Python or PowerShell)

**Security Knowledge**

* Solid understanding of threat detection and incident response
* Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS
* Good understanding of network traffic and suspicious behavior

---

### Nice to Have

* Experience with SOAR tools (Logic Apps, XSOAR, etc.)
* Cloud experience (Azure and/or AWS)
* Knowledge of vulnerability management or penetration testing
* Relevant certifications (SC-200, CISSP, GIAC, Splunk, etc.)

---

### Profile

* 3+ years of experience in cybersecurity or SOC environments
* Able to work independently and take ownership
* Strong analytical and problem-solving skills
* Good communication skills in English

---

### Engagement

* Freelance mission
* Remote or hybrid depending on the project
* Potential for long-term collaboration

---

We are looking for a hands-on engineer who can actively contribute to improving detection capabilities and SOC maturity.