SIEM Security Engineer

Job Description

We are looking for a SIEM Security Engineer to join our global Security Operations team and take ownership of our Microsoft Sentinel platform, with a strong focus on log ingestion, data engineering, detection engineering, and platform optimization using Azure Data Explorer (ADX) and Cribl. 

This role is key to enabling scalable security monitoring, high‑fidelity detections, and efficient incident response across a complex enterprise environment. You will work closely with SOC analysts, Cloud, Endpoint, Identity, and Network teams to ensure security telemetry is reliable, normalized, enriched, and actionable. 

 

Key Responsibilities: 

• Design, deploy, administer, and continuously improve Microsoft Sentinel in a multi‑subscription, enterprise Azure environment 
• Develop, tune, and maintain analytics rules, scheduled queries, NRT detections, workbooks, and dashboards using KQL 
• Optimize alert quality by reducing false positives and improving signal‑to‑noise ratio 
• Implement detections aligned with MITRE ATT&CK and threat intelligence use cases 
• Support SOC investigations by providing advanced log analysis and hunting queries 
• Design and maintain log ingestion pipelines using Cribl (Stream / Edge) 
• Perform log filtering, routing, transformation, enrichment, and cost optimization before ingestion into Sentinel or ADX 
• Onboard and manage log sources from cloud, on‑prem, SaaS, endpoint, network, and security tools 
• Leverage Azure Data Explorer (ADX) for high‑volume log storage, advanced analytics, and custom security use cases 
• Ensure data quality, schema consistency, retention policies, and performance at scale 
• Integrate Sentinel with SOAR (Logic Apps), threat intelligence feeds, ticketing systems, and security tooling 
• Automate ingestion, enrichment, and detection workflows using KQL, PowerShell, Python, or REST APIs 
• Monitor and optimize SIEM performance, ingestion latency, and platform costs 
• Handle incidents, service requests, and changes via ServiceNow / Jira, aligned with ITIL processes 
• Maintain clear documentation for architecture, pipelines, detections, and operational procedures in Confluence 
• Schedule: 10:00 – 19:00 

 

Qualifications: 

• Strong hands‑on experience with Microsoft Sentinel in an enterprise environment 
• Advanced proficiency in Kusto Query Language (KQL) for detections, hunting, and analytics 
• Practical experience with Cribl for log routing, enrichment, filtering, and pipeline management 
• Experience working with Azure Data Explorer (ADX) or similar large‑scale analytics platforms 
• Solid understanding of security logging and telemetry, including: 
• Windows & Linux OS logs 
• Azure / cloud security logs 
• Network, firewall, proxy, and endpoint telemetry 
• Identity and authentication logs (AD / Entra ID) 
• Strong knowledge of security fundamentals (networking, operating systems, identity, cloud) 
• Experience supporting SOC operations and incident response 
• Familiarity with ITIL processes and tools such as ServiceNow or Jira 
• Excellent troubleshooting skills in complex, distributed environments 
• Strong communication skills in English and ability to collaborate with global teams 

 

Nice to have Skills: 

• Experience with Sentinel SOAR (Logic Apps) and automated response workflows 
• Advanced hunting and detection engineering aligned to MITRE ATT&CK 
• Experience optimizing SIEM ingestion costs and data retention strategies 
• Scripting skills (Python, PowerShell) for automation and bulk configuration 
• Exposure to cloud-native security architectures and zero‑trust concepts 
• Experience in regulated enterprise environments (finance, pharma, manufacturing) 
• Relevant certifications (Microsoft Sentinel, Azure Security Engineer, Cribl, Splunk, GIAC) 

 

What we offer: 

• A hybrid work environment with flexibility 
• Competitive salary and benefits package 
• Opportunities for professional growth and further training 
• A dynamic and supportive team environment, collaborating on the latest in security technologies. 

Required Skills:

Availability Management, Change Controls, Data Quality, Data Retention, Distributed Computing, Distributed Systems, Global Team Collaboration, Incident Handling, Incident Management, ITIL Service Operations, Kusto Query Language (KQL), Management System Development, Platform Management, Problem Management, Quality Assurance (QA), Security Management, Security Technologies, Security Tools, Service Delivery, SLA Management, Software Configurations, Software Development Life Cycle (SDLC), Testing

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

2nd - Evening

Valid Driving License:

No

Hazardous Material(s):

n/a

Job Posting End Date:

05/18/2026

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.