SIEM Admin
Position Summary: The SIEM Administrator is responsible for the design, maintenance, optimization, and daily operational support of the organization’s SIEM platforms within the Security Operations Center (SOC). This role ensures reliable log ingestion, parsing, correlation, and data availability to support threat detection, incident response, and compliance requirements. A strong understanding of Splunk, Microsoft Sentinel, and Google SecOps is essential.
Responsibilities and Duties:
Platform Administration & Engineering
- Deploy, configure, and maintain SIEM platforms, primarily Splunk, MS Sentinel, and Google SecOps.
- Manage data onboarding: log ingestion pipelines, connectors, API integrations, and event routing.
- Develop and maintain parsers, normalization schemas, and correlation rules.
- Ensure platform availability, scalability, and performance through routine health checks and optimization.
- Maintain access controls, RBAC, and platform security hardening.
Content Development & Optimization
- Build and optimize dashboards, alerts, reports, and saved searches to support SOC analysts and leadership. This can involve the SIEM tool itself or a data metrics tool such as Power BI or Google Looker Studio.
- Implement new data sources and detection opportunities as threats evolve.
Operational Support
- Troubleshoot ingestion issues, parsing failures, and correlation logic problems.
- Maintain documentation for ingestion mappings, correlation logic, and platform configuration.
- Ensure compliance with logging requirements and retention policies.
Collaboration & Governance
- Work closely with SOC analysts, threat intel teams, security engineers, and system owners.
- Participate in change management, platform upgrades, and SIEM architecture roadmap planning.
- Provide mentorship and knowledge sharing to analysts regarding query building, dashboards, and SIEM best practices.
Qualifications & Requirements
Education & Experience
- 3–5+ years of experience in a SOC, SIEM engineering, security engineering, or related cybersecurity operations role.
- Formal degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.
- Experience operating and maintaining Splunk, Microsoft Sentinel, and Google SecOps (formerly Chronicle).
- Experience integrating enterprise technologies (firewalls, EDR, SaaS platforms, cloud services, network devices) into SIEM.
Technical (Hard) Skills
- SIEM Mastery:
  - Splunk Enterprise (search language, data models, apps, UF/HF/IDX management).
  - Microsoft Sentinel (Log Analytics, KQL, connectors, automation runbooks).
  - Google SecOps / Chronicle (UDM/M, parsers, detections, rules engine).
- Strong proficiency in KQL, Splunk SPL, and structured query languages.
- Familiarity with log pipelines, ETL, and data transformation.
- Experience with cloud platforms (Azure, AWS, GCP) and associated logging frameworks.
- Knowledge of MITRE ATT&CK, SIEM correlation strategies, and detection engineering principles.
- Scripting experience (Python, PowerShell, Bash) for automation and tooling.
- Understanding of TCP/IP, DNS, authentication logs, Windows/Linux logging, EDR/AV telemetry, and cloud audit logs.
- Experience with SOAR platforms (Sentinel Automation, Splunk SOAR, or others) is an asset.
Soft Skills
- Strong analytical thinking and problem-solving abilities.
- Excellent communication skills and an ability to translate technical details for non-technical audiences.
- Attention to detail, especially in troubleshooting complex ingestion or parsing issues.
- Ability to collaborate in fast-paced SOC environments with cross-functional teams.
- Strong prioritization and time management, especially during incident pressure.
- Growth mindset with willingness to learn evolving SIEM capabilities and threat landscapes.
What We Do
SecureOps is a global managed security services provider (MSSP) with 25 years of experience strengthening the security maturity and resilience of enterprises and mid-size companies.
Based in Montreal, Canada, with follow-the-sun offices in Prague and Manila, we provide Custom SOC and Co-owned MDR, security infrastructure, and vulnerability management services-by-design for telecommunications, financial services, pharmaceuticals, oil and gas, agriculture, mining, and others.
Our deep cybersecurity expertise and vendor-neutral solutions, delivered with personalized, hands-on service, build lasting customer relationships, some spanning more than two decades. Customized reporting verifies your security status and validates how your security program contributes to business objectives.