NorthMark Strategies is a company focused on building the future through strategic insight and technical prowess. They are seeking a Cyber Defense Engineer – SIEM who will be responsible for architecting and implementing advanced security solutions to enhance cyber defense investigations and incident response capabilities.
Responsibilities:
- Design, develop, and deploy AI-enhanced detections and automations within the SIEM/SOAR platform to improve signal-to-noise ratio and reduce alert fatigue
- Engineer and optimize SIEM pipelines using AI/ML techniques for anomaly detection, behavioral analytics, and threat correlation
- Integrate SIEM with security tools and data sources to build a context-rich, intelligence-driven monitoring ecosystem
- Develop and implement AI-assisted threat detection models, including user/entity behavior analytics (UEBA) and predictive analytics
- Collaborate with cyber defense operations to identify emerging threats and capability gaps, leveraging AI to proactively strengthen defenses
- Build and maintain automated response orchestration and intelligent playbooks that adapt based on threat context
- Design automation for alert enrichment, triage, and response using both rule-based and AI-assisted decisioning frameworks
- Partner with IT and engineering teams to ensure comprehensive telemetry collection and high-quality data pipelines
- Continuously improve SIEM engineering practices, including data normalization, enrichment strategies, and AI model tuning
- Support SOC operations by enhancing detection engineering, incident response workflows, and operational metrics through AI augmentation
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field
- 4–6+ years of experience in cybersecurity engineering, SOC engineering, or insider threat
- Demonstrated expertise in SIEM engineering and security monitoring at scale
- Experience integrating or developing AI/ML capabilities within security operations or detection engineering
- Strong understanding of the Microsoft security stack (e.g., Sentinel, Defender suite)
- Proficiency with automation tooling and scripting languages (KQL, Python, PowerShell)
- Proficiency in API development with the goal of integrating security tooling
- Familiarity with various log ingestion methodologies into a SIEM environment
- Highly motivated self-starter who thrives on positively influencing the environment
- Experience in multi-tenant or MSP-like environments is a plus