
VaporVM

LogRhythm SIEM Engineer


Job Description

We are seeking an experienced LogRhythm Resident Engineer (SIEM Specialist) to join our team and provide on-site SIEM platform management for our enterprise clients. In this customer-facing role, you will be responsible for the end-to-end administration, optimization, and support of the LogRhythm SIEM platform. You will act as the primary technical point of contact for our clients' SOC teams, ensuring the SIEM operates at peak performance and effectively supports their security monitoring and incident response needs.

This is a hands-on technical role requiring deep expertise in LogRhythm, strong security operations knowledge, and excellent communication skills.

Key Responsibilities

1. LogRhythm Platform Administration & Management

  • Install, configure, and maintain all LogRhythm SIEM components (Collectors, Data Processors, Data Indexers, Console).
  • Perform regular system upgrades, patches, and health checks to ensure platform stability and security.
  • Manage system performance, storage capacity, and log retention policies.
  • Troubleshoot and resolve platform-related issues in coordination with LogRhythm TAC.

2. Security Monitoring & Detection Tuning

  • Develop, customize, and optimize correlation rules, alarms, and AI Engine rules to improve threat detection.
  • Reduce false positives and enhance detection accuracy through continuous tuning and analysis.
  • Design and customize dashboards, reports, and alerts to meet SOC team requirements.
  • Conduct regular reviews of detection coverage and recommend improvements.

3. Log Source Integration & Data Management

  • Onboard and normalize logs from a wide range of sources:
      • Network devices (firewalls, routers, switches, IDS/IPS)
      • Servers (Windows, Linux, Unix)
      • Security tools (EDR, AV, IAM, PAM, cloud platforms such as AWS/Azure)
  • Troubleshoot log parsing, ingestion, and normalization issues.
  • Ensure complete and accurate log collection across the client environment.

4. Incident Response & SOC Support

  • Provide direct support to SOC analysts during security incidents and investigations.
  • Assist with threat hunting, root cause analysis, and forensic investigations using LogRhythm.
  • Guide SOC teams in following incident response workflows and best practices within the SIEM.
  • Develop and maintain runbooks and standard operating procedures (SOPs).

5. Customer Advisory & Enablement

  • Act as a trusted security advisor to client stakeholders.
  • Deliver hands-on training and knowledge transfer to SOC and IT teams.
  • Recommend SIEM architecture improvements, best practices, and optimization strategies.
  • Prepare and present regular performance and health reports to client leadership.

Required Qualifications & Skills

Mandatory Technical Experience

  • 3-7+ years of hands-on experience with LogRhythm SIEM in deployment, administration, and tuning.
  • Proven experience as a SIEM Engineer, LogRhythm Administrator, or SOC Analyst (Tier 2/3) with strong LogRhythm platform exposure.
  • Solid understanding of Security Operations (SOC), network security concepts, and log analysis methodologies.
  • Experience with log source integration for network devices, servers, and security tools.
  • Proficiency in Windows and Linux administration.
  • Scripting skills in PowerShell, Python, or Bash for automation and log parsing.

Preferred Certifications

  • LogRhythm Certified Professional (LRCP) / LogRhythm Certified Administrator (LRCA)
  • CISSP, GCIH, GCED, Security+
  • ITIL Foundation

Soft Skills & Abilities

  • Excellent customer-facing communication and presentation skills.
  • Ability to work independently in an on-site/resident engineer role.
  • Strong troubleshooting and problem-solving abilities.
  • Proficient in documentation and knowledge transfer.
  • Professional fluency in English (Arabic is a plus).

Job ID: 138147607