SIEM Administrator Responsibilities:

Maintaining SIEM platform stability and health and providing regular and clear communication to the MTD team and relevant stakeholders Monitoring system capacity to ensure that the platform does not encounter resource issues Serve as a deeply skilled and knowledgeable resource in the Linux and SIEM technology area Diagnosing and resolving incidents related to the platform Integration of technologies with SIEM tool connectors Parser configuration and creation Report configuration and modification Correlation rule creating and modification Resolving any platform issues that may occur within SLA and ensuring that service impact is minimal Assessing the impact of all changes that come through in relation to the platform Identifying proactive measures to improve performance wherever it is cost justifiable Responsible for enabling new SIEM alarms from inception, through to tuning Regularly checking that alarms within SIEM platform are working through regular testing Proactively and reactively tuning alarms and log sources for all clients on the platform On-boarding new clients from passed from deployment to ‘business as usual’ Overseeing upgrades and changes on the SIEM platform