SIEM Engineer


ORION is a not-for-profit organization dedicated to empowering Ontario researchers, educators and innovators. We foster a community of more than two million users at more than a hundred universities, colleges, hospitals and research institutions, as well as the majority of Ontario’s school boards. We enable ground-breaking discoveries and cutting-edge education by connecting institutions and regions through our network, facilitating collaboration, and providing our community with the digital tools and expert support they need to make the world a better place.

As a member of the ORION engineering team, the SIEM Engineer is responsible for the security operational aspects of the Ontario Research and Innovation Optical Network (ORION). The individual will work as part of the team that is responsible for the Network Operations of the ORION network. ORION is a province-wide network utilized by researchers, educators and scientists for research and education purposes.

The candidate for the position of SIEM Engineer is required to understand network protocols and systems behaviours. This position is expected to operate in a Security Operations Centre (SOC) environment as the first point of contact for security operations, especially in managing and developing managed security services (e.g. SOC, SIEM, and managed firewalls).

Responsibilities and Duties

  • Design, deploy and maintain SIEM (Security Information and Event Management) components (Connectors / Loggers / etc.).
  • Ensure log collection mechanisms are in place and continually monitored via proper health checks.
  • Develop and deploy security monitoring use cases.
  • Ensure constant communication with the different CSIRT teams (Incident Response teams) across the ORION network and other RENs across Canada.
  • Continually improve the SIEM Platform and enhance the security monitoring. 
  • Participate in developing a Security Operations Centre. Activities will include security architecture, design and requirements, operationalization, maintenance, governance, and risk management.
  • Analyze security events and incidents to determine the root cause and apply the appropriate mitigation measures as outlined by the organization's Incident Response Plan
  • Plan, implement and upgrade security measures and controls
  • Triage and analysis of security events followed by prioritization and escalation of alerts that exceed the SOC threshold
  • Define, implement and maintain corporate security policies, directives and procedures
  • Manage network devices, intrusion detection and prevention systems and VPN access
  • Recommend and install appropriate IT Security tools and countermeasures

Skills and Competencies

  • Good communication and organization skills
  • 3 – 5 years SIEM experience
  • Windows, Unix and Linux operating systems
  • TCP/IP, computer networking, routing and switching, firewalls, VPN
  • Vulnerabilities and Information Risk assessments
  • Good knowledge of IT Security Frameworks (NIST, ISF, ISO 27001, etc.)
  • Forensic investigation and analysis of security incidents (how and why a security breach or a compromised system occurred)

Desired Certifications and Education

  • Bachelor degree or diploma in computer science or related fields
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Other relevant certifications include CISA, CISM, ISO 27001 Lead Auditor, SABSA or similar; such a certification is an asset. Knowledge of ITIL, NIST, and ISO best practices and process improvement
  • A combination of studies, certifications and relevant experience would be also considered

Industry specific requirements

  • Three to five years of relevant experience in an operational IT Security environment such as a SOC or CSIRT
  • Good understanding of SIEM Technology from architecture and engineering perspectives
  • Good understanding of Security Monitoring
  • In-depth knowledge of security event management, network monitoring, log collection and correlation
Please apply to