Lead CrowdStrike SIEM Engineer; -Gen SIEM
CrowdStrike SIEM Engineer
Dubai, United Arab Emirates
Role Overview
We are seeking a skilled CrowdStrike Certified SIEM Engineer to design, implement, optimise, and support security monitoring capabilities built on the CrowdStrike Falcon platform and LogScale SIEM. The ideal candidate will have strong experience in detection engineering, log ingestion pipelines, threat analytics, and SOC enablement within modern cloud‑native environments.
You will work closely with security operations teams, threat hunters, incident responders, and infrastructure stakeholders to ensure high‑fidelity detections, efficient log management, and continuous improvement of monitoring capabilities. This role requires strong technical depth, analytical thinking, and the ability to translate security requirements into scalable SIEM solutions.
Key Responsibilities
SIEM Engineering & Platform Management
Deploy, configure, and maintain CrowdStrike LogScale and associated Falcon platform components.
Build and optimise log ingestion pipelines, parsers, schemas, and data retention policies.
Ensure reliable onboarding of data sources across cloud, endpoint, network, and application layers.
Maintain SIEM health, performance, and scalability through continuous tuning and optimisation.
Develop, test, and deploy detection rules, queries, dashboards, and correlation logic in LogScale.
Align detection content with MITRE ATT&CK, threat intelligence, and emerging adversary behaviours.
Reduce false positives through rule tuning, enrichment logic, and contextual data modelling.
Collaborate with SOC analysts to enhance alert quality and response workflows.
Support SOC teams with advanced query development, log analysis, and incident investigations.
Provide technical expertise during major incidents, threat hunts, and forensic activities.
Build automated workflows and integrations using Falcon Fusion, SOAR tools, or API‑based automation.
Integrate CrowdStrike SIEM with third‑party tools such as EDR/XDR, NDR, cloud platforms, firewalls, IAM, and vulnerability scanners.
Work with infrastructure and cloud teams to ensure secure, scalable, and compliant log collection.
Contribute to the design of end‑to‑end monitoring architectures and security data strategies.
Maintain documentation including runbooks, ingestion guides, detection catalogues, and architecture diagrams.
Ensure SIEM configurations align with regulatory requirements and internal security standards.
Drive continuous improvement through lessons learned, platform enhancements, and capability uplift.
Work closely with SOC, Threat Intelligence, Cloud, DevOps, and IT teams to support monitoring needs.
Provide technical guidance to stakeholders on logging requirements, detection gaps, and platform capabilities.
Participate in workshops, design sessions, and security reviews.