Administer, optimize, and troubleshoot SIEM platforms (Wazuh & FortiSIEM).
• Onboard and manage log sources (firewalls, servers, IPS, WAF and etc).
• Develop, document and tune detection rules, correlation logic, dashboards, and alerts.
• Design, implement and document SOAR / playbooks for incident triage and response.
• Work closely with SOC analyst and all relevant team to understand their workflows and identify opportunities for automation and process involvement.
• Maintain operational documentation, SOPs, architecture diagrams, and use-case catalogues (design → testing → deployment → periodic review).
• Validate alert fidelity and reduce false positives.
• Perform regular detection health checks and coverage reviews and weekly
   reporting.
• Track detection effectiveness using KPIs (e.g false positive rate, MTTD contribution)
• Ensure compliance with security standards e.g ISO27001, regulatory requirements, and best practices.
• Operationalize threat intelligence into detections, enrichments, and hunting queries (Collaborate with third party vendor).
• Support SIEM capacity planning, performance tuning, and data growth forecasting.

Required Skills & Experience

Preferred Qualifications

• 3-4 years of experience in MSSP or enterprise cybersecurity, with proven expertise in SIEM platforms.
• CompTIA Security+, RedHat, or other Python/scripting certifications for understanding attacker TTPs and enhancing detection engineering.
• Strong scripting/programming skills in Python, PowerShell or JavaScript.
• Strong problem solving skills and analytical skills.
• Excellent written and verbal communication skills for documentation and cross-team collaboration.
• Willingness to participate in on-call rotations or provide support during high-severity   incidents (as needed).
• Experience integrating AI‑driven threat intelligence and leveraging AI to enhance adaptive   detection models is an added advantage.