SIEM Administrator – Mumbai

Company: Network Intelligence
Location: Mumbai
Job Description:

Key Responsibilities:

SIEM Administration:

  • Manage day-to-day administration of an enterprise SIEM platform, including:
      ◦ User and role management (RBAC)
      ◦ Health monitoring, capacity management, EPS monitoring
      ◦ Deployment and management of collectors, forwarders, and log sources
      ◦ Backup, retention, and storage management
  • Onboard, develop parsers for, and normalize new log sources across security, network, cloud, and OS environments.
  • Tune SIEM correlation rules, searches, and alerts to reduce false positives and improve accuracy.
  • Develop dashboards, reports, and monitoring views for SOC operations.
  • Implement and maintain rule packages, reference sets/lists, and enrichment fields.
  • Ensure SIEM performance, high availability (HA), and operational stability.

  • Administer and maintain an enterprise SOAR platform, including:
      ◦ Integration management
      ◦ User and team configurations
      ◦ Incident types, layouts, classifications, and mapping

  • Design, develop, test, and deploy SOAR automation playbooks for:
      ◦ Triage
      ◦ Enrichment
      ◦ Containment
      ◦ Notification and workflow orchestration

  • Enhance existing playbooks with improved enrichment, decision logic, and approval flows.
  • Collaborate with SOC analysts and the IR team to automate manual steps and improve response efficiency.
  • Maintain the automation codebase (primarily Python-based actions/scripts).

Required Skills & Experience

  • 2–5 years of experience in Security Operations / SIEM and SOAR engineering.
  • Strong hands-on experience with:
      ◦ SIEM administration (standard and custom log ingestion integrations, normalization, SIEM performance tuning and enhancement, dashboards)
      ◦ SOAR administration (integrations, playbook development, entity enrichment, incident flow design and development)
  • Strong Python scripting for automation tasks in SOAR.
  • Strong knowledge of log formats and interfaces: Syslog, CEF, JSON, XML, REST APIs.
  • Experience troubleshooting ingestion issues and parsing problems.
  • Strong understanding of:
      ◦ MITRE ATT&CK
      ◦ Use case lifecycle
      ◦ Incident response workflows
      ◦ Enrichment and automation best practices
  • Good understanding of OS internals (Windows/Linux), network security devices, cloud logs, and security tools.

Posted: March 24th, 2026