SOC SIEM Administrator

GoSecure

California, USA
Posted on Nov 6, 2025

Job purpose
The SIEM Administrator will work with the SOC & SOC Infrastructure teams at GoSecure to provide application support on current and future SIEM products, ensure data feeds and application operation are maintained, and provide support to cyber security analysts in development of analytics and other operational aspects of the SIEM/SOAR product suite.

Duties and responsibilities

Application support: Providing support for current and future SIEM products, including ensuring data feeds and application operation are maintained

Cyber security analyst support: Helping cyber security analysts develop analytics and other operational aspects of the SIEM product

Data management: Archiving, backing up, and purging data as needed and in compliance

Evidence collection: Collecting evidence for audits and documenting all activities performed and recorded

Change management: Raising change management tickets for SOC admin activities and incidents

Troubleshooting: Coordinating with the SOC Monitoring team on troubleshooting issues and escalating them to a 3rd party TAC/Support team as required

Security policies: Developing and maintaining security policies, procedures, and standards to ensure compliance with regulatory requirements

Content improvements: Working with the Cybersecurity Incident Response Team and Threat Intelligence Team to identify content improvements

Technical oversight: Providing technical oversight, standardization, and validation of the effectiveness of SIEM content service

UAT -> Production Cycle: Stage and deploy upgrades, content changes and infrastructure improvements across several lab (UAT) and production environments to ensure minimal impact

Proactive Monitoring: Implement iterative improvements for all resource utilization, data flow and operational metrics to create actionable alerts to the SOC Infra team to highlight production health issues before they impact SOC duties

SIEM Onboarding Support: Collaborate with new and existing customers to onboard log sources, ensure proper data normalization, and validate ingestion of logs for cybersecurity use cases.

Required:

· Bachelor's degree and 4+ years of prior relevant experience; additional work experience or cyber courses/certifications may be accepted in lieu of a degree.

· In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Splunk, Elastic/Kibana, FortiSIEM).

· UNIX OS administration and command line experience

· Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.

· Windows/Unix-specific networking

· Familiarity with various security tooling including EDR, NGAV, and Vulnerability Scanning technologies

· Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain and an ability to think and work independently.

· Motivated self-starter and the ability to create complex technical reports on analytic findings.

The following personal abilities are favored at GoSecure:

· Exceptional organizational skills;

· Ability to think through problems and operational activities beyond their technical scope, envisioning general business and political ramifications;

· Ability to work independently and handle multiple tasks concurrently

· Adaptable to diverse environments.

· Energetic and positive with a "can do" attitude

· English: fluent or intermediate, French considered a bonus