IT Security SIEM Engineer

Compu-Vision Consulting Inc.

New York, NY

JOB DETAILS
SALARY
$80–$85 Per Hour
SKILLS
Administrative Skills, Analysis Skills, Antivirus, Automation, Bash Scripting, Cloud Computing, Communication Skills, Computer Networks, Computer Security, Consulting, Customer Support/Service, Data Analysis, Documentation, Endpoint Security, Firewalls, Forwarder, Hybrid Cloud, Incident Response, Integration Testing, Internet Security, Intrusion Detection Systems, Intrusion Prevention Systems, Maintain Compliance, Network Monitoring, Network Security, Network Support, Operational Improvement, Operational Strategy, Operational Support, Operations Security (OPSEC), Performance Metrics, Presentation/Verbal Skills, Problem Solving Skills, Python Programming/Scripting Language, Reporting Dashboards, Reporting Skills, Requirements Management, Scripting (Scripting Languages), Security Analysis, Security Architecture, Security Consulting, Security Information and Event Management (SIEM), Security Monitoring, Security Patches, Splunk, Strategic Planning, System Lifecycle, Systems Engineering, Technical Support, Telemetry, Use Cases, Windows PowerShell, Writing Skills
LOCATION
New York, NY
POSTED
2 days ago
Title: IT Security SIEM Engineer
Location: New York, NY
Duration: 12 months (35 hours/week)

Job Description:

The IT Security SIEM Engineer / Security Operations Consultant will play a key role in supporting the client's cybersecurity program. This position supports both strategic initiatives and day-to-day security operations in the client's hybrid environment, including SIEM engineering (Splunk), security monitoring, automation and scripting, endpoint protection, and overall operational security.
The role contributes across the full system engineering lifecycle, including requirements analysis, design, development, implementation, integration, testing, and documentation, ensuring strong security monitoring and operational resilience.

Scope of Work:

The consultant will provide engineering, operational, and administrative support across the client's cybersecurity environment, including SIEM (Splunk), endpoint security, scripting, automation, and security operations.

1. SIEM Engineering & Security Monitoring (Splunk)
The consultant will:
  • Provide engineering and administration support for the client's Splunk environment (cloud and/or hybrid).
  • Support search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk applications.
  • Onboard and normalize new log sources (application, database, network, cloud, endpoint).
  • Develop and maintain complex Splunk queries, dashboards, reports, and alerts for both technical and executive audiences.
  • Analyze log data for anomalies, suspicious trends, and potential security incidents.
  • Design dashboards highlighting key security, operational, and performance metrics.
  • Support log correlation and threat detection use cases aligned with SOC requirements.
  • Assist with tuning alerts to reduce false positives and improve detection efficiency.
  • Work with stakeholders to gather requirements and deliver reporting solutions.

2. Security Operations & Incident Support
The consultant will:
  • Support day-to-day security monitoring activities in coordination with SOC and internal teams.
  • Assist in triage and analysis of security alerts and incidents.
  • Support incident investigations by leveraging logs, endpoint data, and network telemetry.
  • Assist with containment, eradication, and recovery actions when required.
  • Support development and refinement of detection use cases.
  • Contribute to incident response documentation and playbooks.

3. Scripting & Automation
The consultant will:
  • Develop and maintain automation scripts (e.g., PowerShell, Python, Bash) to improve operational efficiency.
  • Automate repetitive security tasks such as log ingestion validation, alert validation, reporting, and compliance checks.
  • Support automation of endpoint configuration validation and security control verification.
  • Assist in developing integrations between security tools where feasible.
  • Improve dashboard automation and scheduled reporting capabilities.

4. Endpoint Security & Operational IT Support
The consultant will provide operational support in the following areas:
  • Assist in monitoring and managing endpoint security tools (e.g., EDR, antivirus, host-based monitoring tools).
  • Support endpoint hardening initiatives and security configuration validation.
  • Assist with vulnerability remediation coordination and tracking.
  • Support security patch validation and compliance reporting.
  • Analyze endpoint telemetry for suspicious behavior patterns.
  • Support implementation of endpoint-related security improvements.

5. Operational IT Security Tasks
The consultant will also support broader day-to-day IT security operational needs, including:
  • Reviewing system logs for infrastructure components.
  • Supporting firewall and network security log monitoring in coordination with the client.
  • Assisting with user access review processes and audit support.
  • Supporting documentation of security configurations and architecture diagrams.
  • Contributing to POAM tracking and remediation validation where required.
  • Supporting compliance reporting and audit evidence preparation.

Qualifications and Desired Skills
  • Strong hands-on experience with Splunk Enterprise and/or Splunk Cloud.
  • Experience with onboarding log sources and building detection logic.
  • Knowledge of enterprise logging (application, web, database, security, endpoint).
  • Experience with scripting languages (PowerShell, Python, Bash).
  • Familiarity with endpoint detection and response (EDR) tools.
  • Knowledge of incident response procedures.
  • Understanding of log correlation and threat detection techniques.
  • Experience with IDS/IPS and host-based security tools.
  • Strong analytical and problem-solving skills.
  • Ability to work independently and manage assigned tasks.
  • Strong verbal and written communication skills.

Preferred Certifications:
  • Splunk Enterprise Certified Admin / Architect
  • CISSP, CEH, GCIH, Security+, or equivalent certifications
