SIEM​/SOAR Production Services Specialist ll

Job Overview

This job is responsible for providing front-line support to end users, responding to issues related to incidents and problem management governance for multiple applications, and leading triage activities on all business impacting incidents. Key responsibilities include ensuring compliance with incident management and problem management policies and procedures, serving as a focal point for the customer, client, and associate experience, restoring complex production incidents under tight Service Level Agreements, and pursuing root cause and problem resolution follow ups.

• Leads production support triage efforts, manages bridge line troubleshooting, engages in technical research, and escalates issues to leadership as needed
• Ensures all impacts are accurately recorded and documented in the system of record, oversees that documents and wikis are updated and available for use during triage, and supports the documentation of application flows, upstream/downstream impacts during outages, the customer experience, and contacts for support needs
• Identifies and/or validates business impacts through interpretation of monitors, dashboards, and logs to communicate with leadership and vendors
• Manages activities to identify incident root cause, resolution, preventative actions, and change requests, and reports on incident data quality
• Promotes and enforces production governance during triage/testing and identifies production failure scenarios, vulnerabilities, and opportunities for improvement
• Serves as a subject matter expert for applications within a portfolio, leveraging extensive knowledge of application functionalities and application flows
• Assesses and prioritizes research requests, ad hoc reports, and offline incidents at the direction of senior team members and delegates work as needed to team members and peers

• We’re looking for an experienced IT Security professional with 5+ years of hands‑on expertise in SIEM/SOAR to join our team. In this role, an ideal candidate will manage and optimize Splunk for advanced threat detection, automation, and incident response.
• Will collaborate IT teams to build detection rules, automation playbooks, and dashboards that strengthen our security posture in a fast-paced Fin Tech environment.
• Manage, configure, and optimize SIEM/SOAR platforms (primarily Splunk).
• Develop detection rules, dashboards, and automation playbooks.
• Monitor and analyze security events to identify threats and reduce response times.
• This position is expected to deliver above and beyond services to our internal customers to facilitate business continuity with a meet or exceed SLAs.
• This includes monitoring, incident response, problem engagement during triage, service restoral, identification of root cause, and facilitation and coordination for a permanent fix - in accordance with agreed best practices.
• The Ideal candidate will have over 10 years of hands‑on experience within the realm of IAM (identity and Access Management) space. Well conversant with the tools and applications employed within the highly regulated Fin Tech industry.
• SME with expert level hands‑on knowledge of Access management and Entitlement technologies. Must have expert level experience in Windows OS, Red Hat Linux, SQL queries, SQL/Oracle and other flavors of databases. Well versed with Red Hat Linux Open Shift containers, Atlassian JIRA & Horizon platforms, Git Hub, Ansible, Jenkins, ITSM Remedy, Splunk, Dynatrace, Power Shell/Unix Scripting, cloud experience including other CI/CD Dev Ops tools.

• MUST BE ABLE TO WORK SATURDAY OR SUNDAY WHEN ON CALL OR FOR NEW RELEASES
• 5+ years of experience in SIEM/SOAR administration and security operations.
• Well conversant with 5 C's of cyber security - Change, Compliance, Cost, Continuity and Coverage
• Passionate about cybersecurity and automation, a SIEM/SOAR expert to help us strengthen our cyber resilience, turning Splunk skills into impact
• Use Splunk skills to fight threats and keep financial services secure
• Strong hands‑on knowledge of Splunk (searches, dashboards, alerts, playbooks).
• Solid understanding of cybersecurity frameworks, threat…