×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Administrator

SIEM & Log Management Administrator

Job in Toronto, Ontario, C6A, Canada
Listing for: Leadingtalent
Full Time position
Listed on 2026-06-19
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Administrator
Job Description & How to Apply Below

Position

Description:

The Global Security Operations Center (GSOC) is seeking a SIEM & Log Management Administrator to support its Log Analytics Team. This role will serve as a key enabler for security observability, responsible for administering, maintaining and optimizing our log management and SIEM solutions, while ensuring high data quality, completeness, and integrity across the security telemetry pipeline.

This is a highly technical, hands‑on role requiring deep expertise in log ingestion, normalization, transformation, and the health of distributed data systems that support threat detection, response, and security analytics at scale.

Your future duties and responsibilities:
  • SIEM Administration
    • Administer and maintain Splunk environments including forwarders, indexes, ingestion pipelines, and knowledge objects.
    • Tune and optimize ES correlation searches, risk‑based alerting (RBA), and data models to support efficient threat detection.
    • Ensure Splunk Common Information Model (CIM) compliance and coordinate with detection engineers to map new log sources to existing or custom data models.
    • Manage user roles, RBAC, and app configurations in Splunk Cloud and ES environments.
  • Log Management Administration
    • Deploy and manage Cribl pipelines for ingestion, enrichment, reduction, and routing of telemetry data from cloud and on‑prem environments.
    • Leverage Cribl Functions, Packs, and Replay features to maintain data integrity and reprocess missed or misconfigured logs.
    • Collaborate with log source owners to define parsing and transformation logic to meet CIM and use case needs.
  • Security Data Quality Engineering
    • Build automated checks and dashboards to monitor log source onboarding, field completeness, parsing errors, and CIM conformance.
    • Define and implement KPIs for data health (time delay, field presence, event volume anomalies).
    • Identify and remediate ingestion gaps, stale feeds, duplicate data, or parsing failures impacting detection efficacy.
    • Work with threat detection and IR teams to validate log fidelity against detection requirements and incident investigations.
  • Operational Support & Automation
    • Act as an escalation point for ingestion issues, data loss, and SIEM platform anomalies.
    • Automate deployment and validation of data pipeline changes using CI/CD pipelines and infrastructure-as-code tools (Terraform, Git).
    • Create and maintain documentation, runbooks, and support knowledge sharing across SOC and engineering teams.
    • Document all custom configurations not covered by vendor documentation.
    • Ensure all configuration changes are managed using Change Management best practices.
    • Ensure OS and application upgrades and patches are applied as required.
    • Participate in an on‑call rotation to support GSOC 24/7 mission requirements.
  • Monitoring, Security Application Incident Reporting
    • Define, implement and monitor operational and performance objectives for each security application (Mean Time Between Failure, Mean Time to Recover, Availability, Disk space usage, CPU usage) as defined in the Operations Model.
    • Monitor security applications for availability, performance and usage using monitoring tools.
    • When applications fall below operational and performance objectives, report incidents using the appropriate method and work towards problem resolution.
    • When application incidents are reported, troubleshoot and determine root cause and required corrective action in a timely manner.
    • If required, work with application SMEs and CGI internal and external service providers to resolve incidents.
    • Ensure lessons learned through root cause analysis and troubleshooting are documented.
  • Collaboration and Continuous Improvement
    • Continuously look for opportunities to share knowledge with teammates using oral and written communication skills.
    • Help project teams achieve their cost, schedule, and quality goals by completing tasks on time and with quality.
Required qualifications to be successful in this role:

The candidate should be passionate about technology & security, love to solve technical challenges and like to learn new modern solutions. This person should also be able to demonstrate a thorough understanding of infrastructure operations and in-depth…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search