TC-CS-CDR-NG SIEM-Staff

NGSIEM JD details for Staff

Staff :

Role Summary

The NG SIEM Staff role supports monitoring, log onboarding, and basic detection engineering across modern SIEM ecosystems. The role also assists in case management activities, workflows, and basic SOAR playbook operations.

Key Responsibilities

• Support end-to-end onboarding of log sources into NG SIEM via Cribl, Syslog, cloud connectors.


• Validate parsing, normalization, and schema mapping.


• Assist in writing basic detection queries (SPL/KQL/CQL).


• Perform case creation, triage, assignment, and closure using SIEM Case Management module.


• Review correlation events generated by Fusion engines and escalate anomalies.


• Trigger and monitor SOAR playbooks for routine alert handling.


• Participate in alert enrichment, tagging, and case documentation.


• Troubleshoot ingestion, worker group issues, queue delays, and missing logs.


• Support operational runbooks and SOP documentation.


• Ensure logs and detections align with MITRE ATT&CK.


• Exposure to next‑gen SIEM AI features such as Charlotte AI for query generation, detections troubleshooting, and search assistance.


• Basic understanding of AI-driven features in Sentinel & Copilot, including assisted incident summarization and automated enrichment.


• Hands‑on interest in exploring AI capabilities of SOAR platforms such as Fusion or Sentinel SOAR to speed up investigation tasks.

Skills & Experience

• Knowledge of SIEM, SOC workflows, detection lifecycle.


• Experience using Case Management tools (Falcon NGSIEM, Sentinel Incident Hub, Splunk ES).


• Basic understanding of SOAR automation (CrowdStrike Fusion, Sentinel SOAR, Splunk SOAR).


• Hands-on with at least one query language (SPL/KQL/CQL).


• Familiarity with cloud and firewall log sources.