
Closed
Posted
Paid on delivery
### Senior SOC / SIEM Engineer (Freelance)

We are looking for an experienced Tier 3 Security Analyst / SIEM Engineer to support and enhance our security operations capabilities.

---

### Mission

You will contribute to strengthening detection and response capabilities by improving SIEM use cases, developing automation, and enhancing incident response processes.

---

### Responsibilities

**SIEM Engineering**

* Configure, manage, and optimize SIEM platforms (Splunk, Sentinel, QRadar, Defender, Chronicle)
* Onboard and normalize log sources across cloud and on-prem environments
* Develop and maintain detection rules (use cases, anomaly detection, behavioral analytics)

**Automation and Playbooks**

* Design and implement incident response playbooks (phishing, lateral movement, data exfiltration, etc.)
* Automate workflows using SOAR tools (Logic Apps, XSOAR or similar)
* Continuously improve playbooks based on incidents and threat intelligence

**Threat Detection and Response**

* Monitor and analyse alerts to identify potential threats
* Perform investigations and support incident response activities
* Improve detection logic using threat intelligence

**Threat Modelling and Detection Engineering**

* Use frameworks such as MITRE ATT&CK to design detection strategies
* Translate threats into actionable SIEM use cases
* Prioritize detection efforts based on risk and business impact

**Reporting and Collaboration**

* Create dashboards and reports on security posture and incidents
* Collaborate with IT, DevOps, and security teams
* Maintain documentation (playbooks, procedures, incident reports)

---

### Required Skills

**SIEM and Tools**

Hands-on experience with at least two of the following:

* Splunk
* Microsoft Sentinel or Defender
* IBM QRadar
* Google Chronicle

**Technical Skills**

* Experience with SIEM query languages (KQL, SPL, AQL)
* Strong understanding of log formats, parsing, and normalization
* Scripting skills (Python or PowerShell)

**Security Knowledge**

* Solid understanding of threat detection and incident response
* Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS
* Good understanding of network traffic and suspicious behavior

---

### Nice to Have

* Experience with SOAR tools (Logic Apps, XSOAR, etc.)
* Cloud experience (Azure and/or AWS)
* Knowledge of vulnerability management or penetration testing
* Relevant certifications (SC-200, CISSP, GIAC, Splunk, etc.)

---

### Profile

* 3+ years of experience in cybersecurity or SOC environments
* Able to work independently and take ownership
* Strong analytical and problem-solving skills
* Good communication skills in English

---

### Engagement

* Freelance mission
* Remote or hybrid depending on the project
* Potential for long-term collaboration

---

We are looking for a hands-on engineer who can actively contribute to improving detection capabilities and SOC maturity.
Project ID: 40320143
64 proposals
Remote project
Active 23 days ago
64 freelancers are bidding an average of €475 EUR for this job

Hello, I understand you need a hands-on Tier 3 SOC/SIEM engineer to strengthen detection and response by refining SIEM use cases, automation, and incident response processes across cloud and on-prem environments. My approach is to onboard and normalize log sources in Splunk, Sentinel, QRadar, Defender, or Chronicle, then build robust detection rules and anomaly models. I will design and implement incident response playbooks and automate workflows with SOAR tools, while continuously improving them with threat intelligence. I will map threats using MITRE ATT&CK to create actionable SIEM use cases, develop dashboards and reports to show security posture, and document runbooks, procedures, and incident reports. I will work collaboratively with IT, DevOps, and security teams and adapt to your cloud footprint (Azure/AWS) with clear communication and measurable milestones. Which SIEM platform will be the primary focus, and what are the top log sources to onboard first? Do you have existing incident response playbooks and SOAR tooling preferences (Logic Apps, XSOAR) to integrate? What are your SLAs for detection and response, and what is your current SOC maturity target? Best regards,
€750 EUR in 16 days
8.1

Hello, I’m Shofiur Rahman, Certified Ethical Hacker and CEO of Pentest Testing Corp, with strong experience in SOC operations, SIEM engineering, and detection-focused security testing. I have worked extensively with Splunk, Microsoft Sentinel/Defender, and cloud-based logging environments. I can support your mission by:

- Optimizing SIEM configurations (log ingestion, parsing, normalization)
- Developing and tuning high-fidelity detection rules using MITRE ATT&CK mapping
- Building use cases for lateral movement, persistence, and data exfiltration
- Designing and automating incident response playbooks using SOAR tools
- Enhancing alert triage, investigation workflows, and threat correlation
- Creating dashboards and reporting for visibility and decision-making

I bring a strong blend of offensive (pentesting) and defensive (SOC/SIEM) expertise, allowing me to design detections based on real attacker techniques, not just theoretical patterns. Technically, I’m comfortable with KQL, SPL, Python/PowerShell, and integrating logs across cloud and on-prem environments.

To align quickly, could you please share:

- Which SIEM and SOAR platforms are currently in place?
- Key log sources already onboarded
- Current pain points (false positives, gaps in detection, etc.)

I’m available to start immediately and contribute to improving your SOC detection capabilities and automation maturity. Best regards, Shofiur
€750 EUR in 7 days
6.9

Hello, I’ve reviewed the detailed requirements of your Senior SOC / SIEM Engineer role and am confident that my experience aligns with your needs. With over 10 years of expertise in cybersecurity and SIEM engineering, I can actively contribute to enhancing your detection capabilities, automating processes, and refining incident response.

Approach:

SIEM Engineering: I have hands-on experience with Splunk, Microsoft Sentinel, and IBM QRadar. I can configure and optimize SIEM platforms, ensuring seamless onboarding of log sources across both cloud and on-prem environments.

Incident Response & Automation: I specialize in designing and implementing incident response playbooks for scenarios like phishing, lateral movement, and data exfiltration. Additionally, I’m proficient in automation with SOAR tools (XSOAR, Logic Apps), helping to streamline workflows and incident handling.

Threat Detection & Response: I’ll enhance detection logic using threat intelligence and frameworks like MITRE ATT&CK to create effective use cases, prioritize risk, and respond to incidents efficiently.

Collaboration & Reporting: I’ll create comprehensive dashboards and reports on security posture and incidents, ensuring clear communication with stakeholders and IT teams.

Looking forward to hearing from you.
€500 EUR in 7 days
6.2

Hi, I’m a hands-on SOC/SIEM engineer with strong experience building and optimizing detection capabilities across modern security stacks. I’ve worked extensively with tools like Splunk and Microsoft Sentinel, developing high-quality detection rules, onboarding diverse log sources, and improving visibility across cloud and on-prem environments. My focus is on practical detection engineering—translating real threats into actionable use cases using frameworks like MITRE ATT&CK. I regularly build and tune queries (KQL/SPL), reduce false positives, and strengthen alert fidelity. I also design and automate incident response playbooks using SOAR tools, improving response time and consistency for scenarios like phishing, lateral movement, and data exfiltration. Beyond detection, I contribute to investigations, threat analysis, and continuous improvement of SOC processes. I’m comfortable working independently, collaborating with cross-functional teams, and maintaining clear documentation and dashboards for security posture. I bring a balance of technical depth and operational mindset, with a strong emphasis on measurable improvements in detection coverage and response efficiency. Ready to contribute immediately and help elevate your SOC maturity. Best regards, Artak
€250 EUR in 7 days
5.5

Hi there, I’m offering a 30 percent discount for this project and would be glad to assist you as a Tier 3 Security Analyst. With experience in cybersecurity, threat detection, and incident response, I can provide advanced analysis and mitigation strategies to protect your systems and data. My approach will focus on monitoring complex security events, investigating high-level incidents, identifying vulnerabilities, and implementing corrective measures. I can also provide recommendations for improving security policies, threat intelligence analysis, and collaboration with IT teams to ensure compliance and robust defense mechanisms. As a dedicated freelancer, I prioritize attention to detail, clear communication, and delivering precise, actionable security insights. I am confident that I can support your organization with Tier 3-level security analysis to maintain a secure and resilient IT environment. Kind regards, Sohail Jamil
€250 EUR in 1 day
6.0

Hi Wisure,

Just last week I completed a similar task successfully, so I can get started on this without any ramp-up time.

Which SIEMs are primary for this mission (Sentinel tenant(s), Splunk, QRadar, Chronicle), their ingest rate/retention, and target data model (ASIM/CIM)? Which SOAR/ticketing stack (Logic Apps, XSOAR, ServiceNow/Jira) and current incident severity/KPIs (MTTD/MTTR, false-positive rate) should detections and playbooks align to?

Implement content-as-code: version all KQL/SPL/AQL and playbooks in Git with CI/CD (linting, unit tests on sample logs, Atomic Red Team simulations) and gated promotion to reduce regressions and MTTR. Establish data quality and cost controls: ingestion health SLAs, parser/schema validation, latency/drop monitors, normalization to ASIM/CIM, dedupe/field filtering, and tiered retention.

Action Plan:
- Phase 1 Discovery—review SIEM/SOAR configs, log sources, detections, IR workflow; define KPIs and priority TTPs.
- Phase 2 Ingest Hardening—normalize parsers, tune connectors/DCR/CEF, build health dashboards/alerts.
- Phase 3 Detections—engineer high-value ATT&CK use cases, enrichments/baselines; backtest/tune.
- Phase 4 Automation—design/run playbooks with guardrails; dry-run then stage to prod.
- Phase 5 Validation & Handover—purple-team emulation, docs/runbooks, training, roadmap.

Best Regards, Sid
€750 EUR in 5 days
5.3

Senior DevSecOps/Security Engineer with 7+ years strengthening SOC and SIEM capabilities across cloud environments. Hands-on with Microsoft Sentinel, Defender, and Splunk—building detection rules (KQL/SPL), onboarding log sources, and improving signal-to-noise ratio. Experienced in designing playbooks (phishing, lateral movement, exfiltration) and automating response via Logic Apps and Python. Strong alignment with MITRE ATT&CK for detection engineering and threat modeling. I focus on practical outcomes—better detection coverage, faster response, and reduced alert fatigue. Comfortable working independently and collaborating with DevOps/Sec teams. Available to start immediately and contribute from day one.
€475 EUR in 30 days
5.2

I am a highly skilled IT professional with over 8 years of experience in various domains critical for this project's success. My extensive background in Linux system administration, software engineering, and web/mobile development demonstrates my flexibility and aptitude for diverse technological environments - a crucial trait when working with multiple SIEM platforms. Throughout my career, I've developed a deep understanding of different operating systems like Linux, Windows, Unix, macOS along with programming languages including Python; a skill that aligns perfectly with your requirement of scripting abilities. Furthermore, my experience has involved working on incident response and threat detection measures, complemented by strong knowledge of commonly-used frameworks such as MITRE ATT&CK - exactly what you are looking for! I'm not just technically qualified for this role—I thrive on being a proactive problem solver, who values pushing the envelope to enhance detection capabilities. A strong team player but also capable of working independently.
€500 EUR in 2 days
4.8

Hi there, I will strengthen your SOC by improving SIEM use cases and automating playbooks. I have hands-on experience tuning Splunk and Microsoft Sentinel, building KQL/SPL detections and automating response with Logic Apps/XSOAR.

- Deliverable: audit and baseline of current SIEM detections (Splunk/Sentinel) with prioritized MITRE ATT&CK-mapped gaps and concrete use cases.
- Deliverable: implement 3 production-ready detection rules (KQL/SPL), parsing/normalization fixes, and dashboards for triage.
- Deliverable: design and deploy 2 automated SOAR playbooks (phishing, lateral movement) using Logic Apps/XSOAR and Python/PowerShell orchestration.
- Quality control: staged testing, rollback plan, and post-deploy validation using replayed logs and threat intel to ensure minimal disruption.

Skills:
✅ Splunk
✅ Microsoft Sentinel / KQL
✅ Detection engineering & MITRE ATT&CK mapping
✅ SOAR automation (Logic Apps / XSOAR) & cloud deployment (Azure)
✅ Python / PowerShell scripting, log parsing, normalization

Certificates:
✅ Microsoft® Certified: MCSA | MCSE | MCT
✅ cPanel® & WHM Certified CWSA-2

I’m available to start immediately. Which SIEM is primary (Splunk or Sentinel), and can you share sample logs / access for onboarding two high-value sources in the first 48h? Best regards,
€350 EUR in 4 days
4.8

Hi,

As per my understanding: You are looking for a senior SOC/SIEM engineer to strengthen your security operations by improving detection capabilities, optimizing SIEM platforms, and enhancing incident response. The role involves working with tools like Splunk, Sentinel, or QRadar, building detection rules, automating workflows with SOAR, and aligning detection strategies with frameworks like MITRE ATT&CK.

Implementation approach: I would start by reviewing your current SIEM setup, log sources, and existing detection rules. Then I’ll optimize ingestion, normalization, and build high-quality detection use cases using KQL/SPL/AQL. I will design and automate incident response playbooks using SOAR tools, improving response speed and consistency. Threat modeling will be aligned with MITRE ATT&CK to prioritize high-risk scenarios. I’ll also create dashboards, reports, and documentation to improve SOC visibility and maturity.

A few quick questions:
- Which SIEM and SOAR tools are currently in use?
- Do you have existing use cases/playbooks to refine?
- What is the current SOC maturity level (L1/L2/L3)?
€250 EUR in 7 days
5.0

Hello, I’m a Senior Network & Security Engineer with 10+ years of hands-on experience designing, implementing, and migrating enterprise and service-provider networks. I specialize in Network Security, SD-WAN, routing & switching, enterprise wireless, and secure network architecture, helping companies modernize legacy networks, improve reliability, and reduce WAN costs.

Core expertise:
- Firewalls & Security: FortiGate, Palo Alto, Cisco ASA / Firepower; IPsec & SSL VPN, site-to-site, remote access, policy design
- Routing & Switching: Cisco ASR/ISR, Catalyst, Nexus, Juniper Routers (M10, MX 960) and SRX 500 (BGP, OSPF, EIGRP, IS-IS, MPLS, VLANs, STP, HSRP/VRRP); enterprise LAN & campus design
- LAN Switching (Multi-Vendor): Cisco, Juniper, Meraki, HP, Aruba, FortiSwitch; access/core design, redundancy, QoS, segmentation
- Enterprise Wireless: Cisco WLC & APs, Cisco Meraki Wi-Fi, Ubiquiti, Aruba Wi-Fi, FortiAP; coverage design, roaming, security, troubleshooting
- SD-WAN: Fortinet SD-WAN, Cisco SD-WAN (Viptela), Cisco Meraki (hub-and-spoke, MPLS + Internet, segmentation, HA, traffic steering)
- Cloud & Hybrid Networking: AWS / Azure / GCP; site-to-site VPN, routing integration
- Network Automation: Python

Certifications:
- CCIE Enterprise
- Cisco Certified Specialist – Enterprise SD-WAN Implementation
- CCNP Data Center
- CCNP Security
- Juniper JNCIA-Junos, JNCIA-Cloud

If you share your current setup and goal, I can propose a clear and practical solution. Best regards,
€250 EUR in 1 day
4.7

Hi there, I'm Kristopher Kramer from McKinney, Texas. I’ve worked on similar projects before, and as a senior full-stack and AI engineer, I have the proven experience needed to deliver this successfully. I have strong experience in Microsoft Azure, Penetration Testing, Splunk, Network Security, Cloud Security, Python, ITIL and Documentation. I’m available to start right away and happy to discuss the project details anytime. Looking forward to speaking with you soon. Best regards, Kristopher Kramer
€500 EUR in 7 days
4.3

Hello, I went through your project description and it seems that I am a great fit for this job. I have an expert team with many years of experience in Python, ITIL, Splunk, Penetration Testing, Documentation, Cloud Security, Microsoft Azure, Network Security. Let's connect in chat so that we can discuss further. Regards
€500 EUR in 7 days
3.6

Hi, I hope you are doing well. I am very happy to bid on your project because my skills fit your project well. I have experience working with SIEM platforms (Splunk, Sentinel) and building detection rules, automation playbooks, and incident response workflows using Python and security frameworks like MITRE ATT&CK. I will enhance your SIEM by optimizing log ingestion, normalization, and detection use cases while improving alert quality and coverage across your environment. I will also design and automate incident response playbooks using SOAR tools, strengthen threat detection strategies, and deliver clear dashboards and documentation to improve SOC efficiency and maturity. If you send me a message, we can discuss the project further. Thanks.
€250 EUR in 5 days
3.8

Salutation, It looks like you’re building a mature SOC environment that depends on strong SIEM engineering and reliable detection logic. With a background in backend systems and cloud-focused architectures, I’m comfortable working across Splunk, Sentinel, and QRadar pipelines to refine ingestion, normalization, and correlation. I’ve worked on similar systems where optimizing log flows and restructuring detection rules significantly boosted visibility and reduced false positives. For this mission, I would focus on tightening SIEM data models, implementing clean and efficient detection rules, and building automation through SOAR to streamline investigations. I would also ensure playbooks remain adaptive by integrating threat intelligence into response workflows. A small improvement could be adding event tagging to better track behavior patterns over time. Which SIEM platform do you consider the primary source of truth for your current detection strategy? Best regards, Nemanja
€300 EUR in 2 days
3.1

Hello, I hope you are doing well. I am a hands-on security analyst with 3+ years in SOC, cloud and on-prem logs, SIEM engineering, and automation. I design, tune, and operationalize SIEM use cases, onboard sources, and build playbooks to reduce mean time to detect and respond. I’ve implemented detection rules, normalized diverse log formats, and automated incident workflows using SOAR tools, improving detection coverage and response speed. I can handle the work end-to-end, delivering scalable detections and clear runbooks based on MITRE ATT&CK and NIST guidance. I will prioritize tasks by business risk and work iteratively to show measurable improvements. Please feel free to contact me so we can discuss more details. I am looking forward to the chance of working together. Best regards, Billy Bryan
€450 EUR in 3 days
3.3

Hello, I understand the critical need for a seasoned Tier 3 Security Analyst/SIEM Engineer to elevate your security operations capabilities. My expertise lies in enhancing SIEM use cases, automating workflows, and refining incident response processes to fortify threat detection and response mechanisms. By leveraging frameworks like MITRE ATT&CK and translating threats into actionable SIEM use cases, I aim to prioritize detection efforts based on risk and business impact. With hands-on experience in SIEM platforms such as Splunk and Microsoft Sentinel, coupled with a strong foundation in threat detection and incident response, I am well-equipped to monitor, analyze, and improve detection logic using threat intelligence. Additionally, my proficiency in scripting languages like Python and PowerShell enables me to automate workflows and enhance playbooks effectively. I am ready to dive into this freelance mission immediately and would welcome the opportunity to discuss how my skill set aligns with your project requirements further. Best regards, Justin
€500 EUR in 7 days
2.6

Hello, I’ve reviewed your Tier 3 Security Analyst brief and I’m confident I can strengthen your detection and response capabilities. I bring hands-on SIEM engineering experience across Splunk and Microsoft Sentinel, strong KQL/SPL skills, and practical SOAR automation using Logic Apps and XSOAR patterns. I focus on clear, maintainable detection logic mapped to MITRE ATT&CK, reliable log parsing/normalization, and pragmatic playbooks for phishing, lateral movement and data exfiltration. I’ll start by assessing current use cases and log coverage, then implement prioritized detections, automate response playbooks, and iterate using incident feedback and threat intelligence. I document playbooks, dashboards and runbooks so the SOC can operate consistently and scale. If you’d like, I can produce an initial triage and improvement plan within two weeks that outlines quick wins and medium-term work. Which SIEM(s) are you currently using in production, and what are the top two detection gaps you want closed first? Sincerely, Cindy Viorina
€250 EUR in 13 days
2.2

I'm a software developer with 5 years of experience in Splunk and Python, working within SOC environments. I handle everything from data onboarding and app/add-on development to managing distributed and clustered Splunk deployments. I also have hands-on experience with Microsoft Sentinel and KQL for detection engineering and alert fine-tuning.

Certifications:
- Splunk Certified Power User
- Splunk Enterprise Certified Admin
- Splunk Certified Architect
€750 EUR in 15 days
2.4

Hi, that’s great to hear! Your project closely aligns with one I recently completed. In that project, I built advanced SIEM detection use cases using Splunk, Sentinel, and Chronicle with automated SOAR playbooks, enriched threat intelligence, and streamlined incident response workflows. For your Tier 3 Security Analyst role, I can bring hands-on experience across SIEM engineering, log onboarding, detection logic development, and SOC process optimization. My background includes building MITRE ATT&CK-aligned detection strategies, scripting automation in Python and PowerShell, and developing playbooks for phishing, lateral movement, and data exfiltration scenarios. I’d be glad to connect and share my experience in more detail over chat. Thank you. Best regards, Lazar
€300 EUR in 2 days
2.2

Antwerp, Belgium
Member since March 23, 2026