SOC/SIEM Engineer
- Locations: Anaheim
- Time type: Full time
- Posted on: Posted 9 Days Ago
- Job requisition id: R-2024-491
A great experience starts with you!
Honda Center welcomes fans, performers, and athletes from around the globe. Our team members are an integral part of the event experience through their interactions with guests. Whether you’re looking to create a great guest experience at a concert, support business growth and development, work behind-the-scenes during an Anaheim Ducks game, or anything in-between, this is your opportunity to start the next chapter of your career story and help create a one-of-a-kind fan experience at Honda Center.
Once you've had a chance to explore our current open positions, apply to the ones you feel best suit you. As an applicant, you can always see your application status in your profile.
Job Title:
SOC/SIEM Engineer
Pay Details:
The annual base salary range for this position in California is $120,000 to $150,000 per year. The starting pay for the successful candidate depends on various job-related factors, including but not limited to the candidate’s geographic location, job-related knowledge, skills, experience, education/training, internal value, peer equity, external market demands, and organizational considerations.
The SOC/SIEM Engineer is responsible for designing, implementing, and maintaining the Security Information and Event Management (SIEM) and related Security Operations Center (SOC) system to ensure it effectively detects, monitors, and alerts on cybersecurity threats. The role involves not only monitoring and response but also a critical engineering component: the SIEM Engineer will help design and architect the SIEM infrastructure, select appropriate tools, and integrate log sources efficiently. The engineer will work closely with stakeholders to refine and optimize log streams and ensure the SIEM system remains performant and scalable.
Responsibilities
SIEM Engineering & Architecture:
Lead efforts in the evaluation and selection of SIEM platforms (e.g., CrowdStrike NG SIEM, Microsoft Sentinel, Google Chronicle, Splunk) by developing functional and technical requirements based on organizational needs
Architect the SIEM solution, including designing the log management infrastructure, event correlation capabilities, and long-term storage requirements for logs and events
Implement log forwarding systems from various sources (e.g., firewalls, servers, cloud infrastructure, applications) into the SIEM while ensuring proper configuration and data normalization
If appropriate, implement log streamlining with Cribl or similar tools to refine, deduplicate, and optimize log streams, reducing the overall log volume and cost while preserving critical security data
Ensure the SIEM architecture is scalable, redundant, and supports high availability for mission-critical operations
SIEM Integration & Data Optimization:
Collaborate with IT and the internal Cybersecurity team to identify relevant log sources, design integration points, and configure systems to forward logs effectively
Manage the end-to-end integration of log sources, ensuring proper parsing, event normalization, and enrichment for security monitoring
Fine-tune and optimize log forwarding streams to avoid unnecessary noise, reduce false positives, and prioritize security-relevant data
Develop scripts and automation solutions for the efficient integration of new data sources and assist with the testing and validation of log data
Work with stakeholders to ensure all critical infrastructure components and applications are sending security-relevant logs to the SIEM for monitoring and analysis
Security Monitoring & Incident Response:
Monitor security events and incidents detected through the SIEM and other security tools, in collaboration with a 24x7 MSSP, ensuring timely analysis and response
Serve as an internal SME at investigating and analyzing complex security incidents alerted on by the SOC/SIEM
Develop and implement new SIEM use cases, correlation rules, and alerts for emerging threats and attack vectors
Actively participate in incident response by identifying root causes, recommending containment measures, and coordinating remediation efforts
Threat Intelligence & Use Case Development:
Stay up to date with the latest cybersecurity threats and incorporate relevant threat intelligence into the SIEM
Develop custom correlation rules, dashboards, and workflows to detect advanced persistent threats (APTs) and other sophisticated attacks
Continuously improve detection capabilities by working with internal and external sources to develop actionable use cases and playbooks
Automation & Orchestration:
Utilize SOAR platforms or custom-built solutions to automate routine SOC processes such as log parsing, alert triage, and incident response
Design and implement automated workflows to streamline SOC operations and improve response times
Identify opportunities for automating log ingestion, enrichment, and correlation within the SIEM to reduce manual effort and enhance detection
Compliance & Reporting:
Assist as needed with compliance efforts (e.g., PCI-DSS, CCPA, CIS), especially as they relate to SIEM/SOC and log retention, through adjustment of SIEM logging and monitoring practices
Generate and maintain regular reporting on SIEM health, event volume, detection trends, and performance for stakeholders and auditors
Provide technical documentation and process guides related to SIEM architecture, log forwarding strategies, and tuning practices
Collaboration & Communication:
Act as the primary point of contact for SIEM and log management-related issues and work closely with external vendors if necessary
Provide training and knowledge-sharing sessions for SOC analysts and other IT personnel on SIEM operations and best practices
Provide mentorship and guidance on security throughout the organization, including promotion of a security-minded culture through education and awareness efforts
Education:
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; equivalent work experience will also be considered
Experience:
5+ years of experience serving as lead or above in a Security Operations Center (SOC) or similar environment
Strong experience in designing, architecting, and implementing SIEM solutions
Hands-on experience with log management, log source integration, and rule development in SIEM environments
Experience with data optimization tools (e.g., Cribl) for refining and deduplicating log data streams
Technical Skills:
Deep understanding of SIEM architecture, data pipelines, and high-performance log forwarding solutions
Strong scripting and automation experience (e.g., Python, Bash, PowerShell) to assist with SIEM integration and incident response automation
Familiarity with cloud infrastructure (AWS, Azure, GCP) and cloud-native logging solutions
Knowledge of security technologies like IDS/IPS, firewalls, EDR, and vulnerability management tools
Certifications (Preferred):
SIEM vendor certifications (e.g., CrowdStrike NG SIEM, Microsoft Sentinel, Google Chronicle, Splunk)
GIAC Certified Detection Analyst (GCDA), Certified SOC Analyst (CSA), or similar certifications
Certified Information Systems Security Professional (CISSP) or other security certifications
Soft Skills:
Strong problem-solving and analytical skills, with attention to detail
Ability to collaborate across different teams and communicate complex concepts clearly
Experience working in a fast-paced environment with evolving security needs
Knowledge, Skills and Experience
Education - Bachelor's Degree
Experience Required – 5+ Years
This position is on-site.
JM2024
Company:
OC Sports & Entertainment, LLC
Our Commitment:
We are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and team members without regard to race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, parental status, military service, medical condition or any protected category prohibited by local, state or federal laws. We are firm believers that diversity and inclusion among our team members are critical to our success, and we seek to recruit, develop, and retain the most talented people from a diverse candidate pool.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!