SIEM + GenAI - SIEM Engineer

SIEM + GenAI Engineer - Security Operations

We're seeking a highly skilled SIEM Engineer with hands-on experience in leveraging Generative AI to enhance security monitoring, alert triage, investigation, and SOC efficiency. This role combines traditional SIEM engineering with modern AI-driven automation and intelligence.

Key Responsibilities:

- Deploy, configure, and manage Securonix SIEM platforms - Onboard and normalize log sources across network, endpoint, cloud, IAM, and applications - Develop, tune, and optimize use cases, threat models, and policies - Perform alert investigation, triage, and root-cause analysis - Reduce false positives and improve detection accuracy - Leverage GenAI techniques to: - Automate alert summarization and investigation notes - Assist SOC analysts with AI-driven context enrichment - Accelerate use case development and tuning - Work with SOC teams to integrate AI-assisted workflows - Build dashboards, reports, and operational metrics - Collaborate with security, platform, and engineering teams - Support audit and compliance requirements

GenAI-Specific Expectations:

- Apply prompt engineering to improve SOC workflows - Use RAG (Retrieval-Augmented Generation) for security knowledge enrichment - Integrate LLMs with SIEM data for faster investigation and insights - Ensure data privacy, access control, and responsible AI usage in security contexts

Required Skills:

- 4-8+ years of experience in SIEM engineering or SOC operations - Strong hands-on experience with Securonix SIEM - Deep understanding of security logs (AD, Windows, Linux, Cloud, EDR, Firewall) - Knowledge of MITRE ATT&CK framework - Experience in alert tuning and threat detection engineering - Working knowledge of Python or scripting - Basic to intermediate exposure to GenAI / LLMs

Nice to Have:

- Experience integrating SIEM with SOAR or automation platforms - Hands-on exposure to LangChain, LlamaIndex, or similar GenAI frameworks - Experience with vector databases or embeddings - Cloud security experience (AWS / Azure / GCP) - SIEM / SOC certifications