Job Details
SIEM Engineer
SIEM Engineer with 1-3 years of experience in Moscow. Salary discussed during interview. Company: T1. Responsibilities include SIEM system administration, data source integration, parser development, and system optimization.
Responsibilities:
• Administration of the SIEM system as part of a large, distributed cluster with multiple installations.
• Connecting new data sources.
• Development and configuration of parsers for processing data from various sources.
• Monitoring the flow of events and their correct display in the system.
• Integration of the SIEM system with related systems (e.g., incident management systems, identity and access management systems, and others).
• Scaling the system in accordance with the growing needs of the company.
• Optimization of the operation of all system components to increase performance and reliability.
• Development and maintenance of technical documentation, participation in training colleagues from related departments.
• Participation in piloting new solutions for information security monitoring.
Requirements:
• Higher education with a specialization in Information Security.
• At least 1 year of work experience in a similar role.
• Understanding of the principles of operation and architecture of SIEM systems.
• Experience with SIEM systems (Splunk, ArcSight, QRadar, ELK, and others).
• Understanding of event logging processes in various data sources (system logs, network devices, applications, etc.) and experience in collecting them.
• Experience in writing parsers and working with programming and scripting languages (Python, Bash, PowerShell, etc.).
• Experience in administering Unix and Windows servers.
• Knowledge of network protocols and information security principles.