SIEM Integration Engineer - Azure

The Cyber Defense SIEM Integration Engineer is a member of the Siemens Cyber Defense Center, whose primary mission is to defend Siemens against cyber security threats worldwide. You will help design and implement technical solutions with state-of-the-art tools capable of handling large volumes of data where scalability, consistency, security, and maintainability are key. Come join us and let's build reliable, performant, and secure systems together! In this role, you will:

• Collaborate with different defense teams (like Security Analysts, Threat Hunting, Incident Response, Data Science, SecDevOps, Threat Intelligence) to help create high quality Threat Detection for IT applications and application logs.
• Identify and onboard relevant log sources and detection components, including both on-premises and Azure-native sources.
• Implement and manage Azure resources and integrations for the ingestion of log sources into Microsoft Sentinel.
• Develop log parsers using Logstash Grok expressions to normalize and enrich data from various sources, with adherence to the Elastic Common Schema (ECS) format.
• Support strategic service planning by advising on best-suited detection and integration technologies, with a focus on Azure-native solutions and scalability.
• Assist in the administration and automation of tools and services within hybrid environments.
• Actively participate in monitoring-driven Incident and Problem Management processes.
• Contribute to internal knowledge creation and the sharing of best practices related to Azure and Sentinel architecture, data ingestion, and automation.

Do you have experience in Terraform?, Do you have a Bachelor's degree?, * Overall experience in security monitoring/security operations center environments (SOCs) and with their underlying processes.

• Good understanding of the cybersecurity landscape, including standards, frameworks, and best practices.
• Strong knowledge of Logstash, including plugin configuration and pipeline optimization.
• Experience onboarding logs from various sources using industrystandard tools and formats (e.g., Syslog, JSON, REST APIs).
• Experience with regular expressions and Grok-based parsing.
• Familiarity with cloud platforms, especially Microsoft Azure, including experience with:

• Sentinel and Log Analytics / KQL
• Azure Monitor and integration of Azure Monitor Agent for Linux
• Designing and implementing infrastructure supporting Sentinel data ingestion (e.g. Event Hubs, Storage Accounts, Key Vault, etc)
• Azure-native automation (e.g., Logic Apps & Functions)
• Deployment of workloads in Azure Container Instances (e.g., Logstash, Python)
• IaC with Terraform / OpenTofu

• Knowledge of syslog forwarding and ingestion using Azure VMs with AMA or other hybrid solutions.
• Comfortable with the Linux shell and command-line tools.
• Strong technical documentation writing skills.
• University degree (or equivalent experience) in computer science, IT security, or related fields.
• Proficiency in written and spoken English, with excellent interpersonal and collaborative skills.
• Willingness to build up and share your technical knowledge.
• Ability to communicate clearly and effectively with peers, partners, and customers

What do we offer?

A hybrid and flexible working model to promote a better work-life balance, along with a budget for home office support and the opportunity to do 16 hours a year of volunteer work. A health insurance, access to our on-site medical center, plus the chance to join sports groups.

In addition, you'll have access to online learning platforms and discounts with our partners. A shuttle bus to commute to the facilities and the possibility of financial support to your studies. Please attach your CV in English.