Senior VSOC Engineer / Architect

This role is for a 6-month contract (possible extension based on projects) to architect and build IoT-focused SOCs and connected system monitoring from the ground up.

This is a hands-on technical role that blends engineering depth with architectural design. The engineer will design, deploy, and optimize Microsoft Sentinel and Splunk environments, engineer data pipelines, and automate SOC processes while helping to mature existing monitoring projects.

Responsibilities

SIEM Engineering & Architecture

  • Design, deploy, and maintain Microsoft Sentinel and Splunk Enterprise Security environments.
  • Engineer and optimize log ingestion pipelines, ensuring completeness, normalization, and performance.
  • Develop and manage data models, dashboards, and automation workflows to improve SOC visibility and scalability.
  • Integrate new log sources from IoT, network, endpoint, and cloud systems.
  • Maintain and enforce data governance, retention, and compliance requirements.

Automation & Integration

  • Build and maintain custom automations using Python, PowerShell, or Bash to reduce manual SOC processes.
  • Implement SOAR playbooks (e.g., Sentinel Logic Apps or Splunk SOAR) for triage and enrichment workflows.
  • Develop and maintain API-based integrations between security tools, ticketing systems, and cloud services.
  • Automate alert enrichment, log correlation, and workflow routing using orchestration platforms.

Cloud Security Engineering

  • Implement and manage security controls, logging, and monitoring pipelines in AWS and Azure.
  • Architect and maintain integrations with Security Hub, GuardDuty, CloudTrail, Azure Defender, and Log Analytics.
  • Engineer cross-cloud telemetry and ensure coverage for all critical IoT workloads.
  • Apply infrastructure-as-code principles (Terraform, CloudFormation, or Bicep) for repeatable security deployments.

SOC Platform Development & Support

  • Evaluate and onboard new technologies for SOC automation, detection, and analytics.
  • Collaborate with development and DevOps teams to embed monitoring at the infrastructure and application layers.
  • Implement scalability improvements, data-quality validation, and system-performance monitoring for SOC tooling.
  • Develop documentation, runbooks, and training material for analysts and engineering teams.

Continuous Improvement & Governance

  • Conduct gap assessments and tool performance reviews to improve SOC maturity.
  • Define engineering standards and best practices for log onboarding, alert design, and automation lifecycle management.
  • Partner with architecture and compliance teams to align to industry frameworks (NIST, CIS, ISO 27001).
  • Contribute to technology roadmaps, tool evaluations, and R&D initiatives for SOC modernization.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience.
  • 3–5+ years in SOC engineering, security architecture, or SIEM platform management.
  • Hands-on experience with Microsoft Sentinel (required).
  • Experience with Splunk Enterprise Security, AWS, Azure, and scripting in Python, PowerShell, or Bash.
  • Strong understanding of network protocols, identity systems, log management, and security event pipelines.

Preferred / Nice-to-Have

  • Knowledge of monitoring-related requirements in regulations such as UNR 155/156, EASA, the Machinery Regulation, the CRA, NIS2, 15 CFR Part 791D, and the TSA Security Directives relevant to rail and aviation.
  • Experience with SOAR platforms (Splunk SOAR, Sentinel Playbooks, Cortex XSOAR).
  • Familiarity with data engineering tools (Kafka, Kinesis, Logstash, Fluentd).
  • Experience with cloud-native security architecture and Zero Trust principles.
  • Strong background in API development, scripting pipelines, and log schema design.

Try Block Harbor Today

Start protecting your vehicles with the same platform the world’s best hackers and defenders use.