SIEM Support Engineer - EY

Senior Full-time San Nicolás - Capital Federal

We are looking for a SIEM Support Engineer, who will become part of our Security Technology Operations team. The ideal candidate will have prior experience implementing and supporting an SIEM technologies such as Splunk, SOAR, Securonix, Microsoft Azure Sentinel as well as RSA Archer.

What are you going to do?

  • Key responsibilities will include the implementation and run station of SIEM Support technologies.  The role performs Level 3 support for Information Security SIEM technologies.  Responsibilities involve the daily management of incidents, operational maintenance and support, and proactive/preventative analysis of systems.  Applications can reside in EY as well as within vendor facilities and cloud.

  • Provide technical oversight of Information Security technologies that fall under the team’s responsibilities, confirming they are operating within agreed service levels and at peak possible performance.

  • Monitoring performance of correlated and scheduled searches and identify opportunities to make searches/dashboards more efficient in Splunk to improve their performance.

  • Creating/Testing/Deploying Splunk upgrades, configurations changes, etc. in multiple environments.

  • Monitoring the Splunk infrastructure (including but not limited to non-performant queries and dashboards, key health indicators of the platform).

  • Manage, drive and coordinate planned maintenance activities as well as the standardization and automation of processes and procedures for Information Security technologies.

  • Represent the team in specific project activities, including participating in projects and driving team deliverables towards successful completion.

  • Articulate technology issues/concerns that may emerge at any level of the technical stack, and from any component across the ecosystem, to technology leaders.



What do we need from you?

  • We are interested in people who bring in operational experience in large environment having performed detailed troubleshooting of issues, by using their analytical skills and collaborating with other technical teams, stakeholders and internal and external customers.  As a successful candidate, you will have functional and/or technical experience in supporting a variety of Security Information and Event Management tools.

  • 5-7 years of experience in an enterprise IT support role.

  • Working knowledge of scripting languages such as Python and PowerShell.

  • Knowledge of Query Languages such as SPL (Search Processing Language) and KQL (Keyword Query Language) is a plus.

  • Splunk experience in Multicluster/Multi site environment.

  • Possess skills within the Azure cloud technology stack including knowledge of Azure AD, Sentinel, DevOps is a large plus.

  • Several years’ experience working in a large global virtual environment

  • Strong English language skills – written and verbal.

  • Bachelor's degree in computer related field or equivalent work experience.

  • Information Technology Infrastructure Library (ITIL v2 or v3 Foundations training) (preferred)

  • Experience in project management, service introduction, and service readiness.

  • Excellent problem solving, decision making and communication skills.


Shift: Monday to Friday from 1 to 10 PM.
Location: Microcentro

EY, an equal employment opportunity employer, values the diversity of our workforce and the knowledge of our people.

SIEM Support Engineer