SIEM Engineer at Sofia Stars
Sofia, Sofiya, Bulgaria -
Full Time


Start Date

Immediate

Expiry Date

08 May, 26

Salary

0.0

Posted On

07 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Yes

Skills

SIEM Platforms, Log Management, Event Correlation, Alerting Principles, Log Ingestion, Parsing, Normalization, Detection Rules, Dashboards, Reports, Security Operations, Incident Response, Threat Detection, Scripting, MITRE ATT&CK Framework, Analytical Skills, Communication Skills

Industry

Business Consulting and Services

Description
Sofia Stars is an operational services company based in Sofia. We offer a range of solutions for online businesses, including R&D, Marketing, Customer Support, KYC, Risk, and Anti-Fraud services. With 300+ bright stars on our team, we deliver secure, reliable solutions with a touch of quality that shines. When you join us, you’ll be part of a place where ideas light up, and growth isn’t just a promise—it’s a journey.

‼️ Important: This is an on-site position at one of our offices in: Belgrade (Serbia), Lisbon (Portugal), Sofia (Bulgaria), Valencia (Spain), Warsaw (Poland), Yerevan (Armenia). Remote or hybrid work is not available. Candidates must either already be in the location or be willing to relocate. Relocation support will be provided if necessary.

We are seeking a SIEM Engineer to join our team at one of our offices.

✅ Responsibilities:
✔️ Design, implement, and maintain the organization’s SIEM platform to ensure continuous, reliable, and scalable security monitoring.
✔️ Develop and manage log source integrations across on-premise, cloud, and hybrid environments (e.g., infrastructure, applications, identity providers, endpoints).
✔️ Build, fine-tune, and maintain correlation rules, detection logic, and alerting workflows to identify potential threats and anomalous behavior.
✔️ Create and maintain dashboards, reports, and visualizations to support SOC operations, threat hunting, and management visibility.
✔️ Continuously optimize SIEM performance and data ingestion efficiency, including parsing, filtering, and normalization of logs.
✔️ Collaborate with Security Operations, Incident Response, and Threat Intelligence teams to improve detection coverage and response playbooks.
✔️ Conduct periodic use case reviews to ensure alignment with the evolving threat landscape and business priorities.
✔️ Ensure proper data retention, storage, and access control configurations within the SIEM in accordance with internal policies and compliance standards.
✔️ Automate repetitive processes and data enrichment using scripting or integrations with SOAR and external APIs.
✔️ Document correlation rules, workflows, and integration procedures to maintain knowledge continuity.
✔️ Support audits and compliance reporting by ensuring log completeness, traceability, and integrity.
✔️ Participate in on-call or escalation rotations for critical security incidents where SIEM expertise is required.
✔️ Evaluate and recommend improvements to SIEM architecture, detection capabilities, and related toolsets.
✔️ Contribute to the roadmap and maturity development of the organization’s security monitoring and detection engineering functions.

✅ Requirements:
✔️ 3+ years of experience working with SIEM platforms (e.g., Splunk, ELK, QRadar, or similar).
✔️ 9+ months of experience working with ELK SIEM (Elasticsearch, Logstash, Kibana, and Beats).
✔️ Strong understanding of log management, event correlation, and alerting principles.
✔️ Hands-on experience with log ingestion, parsing, and normalization from multiple sources.
✔️ Proficiency in developing and tuning detection rules, dashboards, and reports.
✔️ Good knowledge of security operations, incident response, and threat detection processes.
✔️ Familiarity with common network, endpoint, and cloud security data sources.
✔️ Experience with scripting (Python, PowerShell, or similar) for automation and data enrichment.
✔️ Understanding of the MITRE ATT&CK framework and its application in detection engineering.
✔️ Strong analytical and troubleshooting skills.
✔️ Effective communication and documentation skills.
✔️ Fluency in English (written and spoken).

✅ Nice to have:
✔️ Experience with SOAR platforms.
✔️ Experience with EDR.
✔️ Experience with cloud environments (AWS, Azure, GCP) and related log sources.
✔️ Familiarity with vulnerability management and exposure reduction processes.
✔️ Knowledge of regulatory and compliance requirements (GDPR, ISO 27001, SOC 2, etc.).
✔️ Previous experience working in a global or distributed Security Operations environment.

✅ We offer excellent benefits, including but not limited to:
🏖️ Up to 25 vacation days;
🤒 6 Undocumented Sick Leave Days;
💷 Monthly food vouchers (102 EUR);
🏥 Private Medical Insurance;
🏋🏼 Multisport Card;
🎁 Birthday, Wedding and Newborn gifts;
🍔 Breakfast, Friday lunches, fruits, and snacks in the office;
🎭 Monthly company activities and team-building events;
🚀 Career growth opportunities.

Ready to shine? Let’s make it real. By submitting your application, you agree to our Privacy Policy.
Responsibilities
The SIEM Engineer will design, implement, and maintain the organization's SIEM platform for security monitoring. They will also develop log source integrations and collaborate with various teams to improve detection and response capabilities.