At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

Security Technology – SIEM/SOAR Support – Team Lead

EY Technology

Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently and securely. We have more than 300,000 people in more than 160 countries, all of whom rely on secure technology to be able to do their job every day. Everything we use as a firm depends on our security mindset. Securing technology is our passion. Please join us and show us your passion.

The opportunity

We are looking for a SIEM Support Team Leader, who will become part of our Security Technology Operations team. In this role, you will be involved in managing and coordinating activities related to SIEM Applications. The ideal candidate will have prior experience implementing and supporting SIEM technologies such as Microsoft Azure Sentinel and SOAR. You will also supervise a team of like-minded individuals managing the 24x7 operation of our business-critical technology.

Your key Responsibilities

• Key responsibilities will include the implementation and run state of SIEM-related technologies. The role performs Level 3 support for Information Security SIEM technologies. Responsibilities involve the daily management of incidents, operational maintenance and support, and proactive/preventative analysis of systems. Applications can reside in EY as well as within vendor facilities and cloud.

• Provide technical oversight of Information Security technologies that fall under the team’s responsibilities, confirming they are operating within agreed service levels and at peak performance

• Creating/Testing/Deploying SIEM/SOAR upgrades, configurations changes, etc. in multiple environments

• Monitoring the SIEM/ADX/Cribl infrastructure (including but not limited to key health indicators of the platform).

• Manage, drive and coordinate planned maintenance activities as well as the standardization and automation of processes and procedures for Information Security technologies.

• Represent the team in specific project activities, including participating in projects and driving team deliverables towards successful completion.

• Flexible to work out of regular office hours to participate with the team for occasional organizational calls and meetings. Weekend or late-night work may occur during product outages or maintenance releases, although infrequent as part of a 24x7 operation with off-shore team support

• Articulate technology issues/concerns that may emerge at any level of the technical stack, and from any component across the ecosystem, to technology leaders

Skills and attributes for success

We are interested in people who bring in operational experience in large environment having performed detailed troubleshooting of issues, using your analytical skills and collaborating with other technical teams, stakeholders, internal and external customers. As a successful candidate, you will have functional and/or technical experience in supporting a variety of Security Information and Event Management tools.

To qualify for the role, you must have

• 6-8 years of experience in an enterprise IT support role

• AZURE platform management and Microsoft Sentinel SIEM experience.

• Experience managing people and collaborating across teams.

• Demonstrated success leading and mentoring support engineers, setting clear expectations, managing on-call/operational maturity, and growing technical depth across the team.

• Demonstrated experience managing enterprise SIEM platforms within multi-workspace environments, with a particular focus on Microsoft Sentinel, including operational functions and automation utilizing Logic Apps. Possesses comprehensive knowledge of both platform engineering activities and Security Operations Center (SOC) procedures.

• Working knowledge of log ingestion, normalization, enrichment, and routing using Cribl Stream.

• Understanding of log data governance, access controls, regulatory considerations, and audit requirements within Sentinel and Cribl-managed pipelines.

• Ability to partner effectively with SOC, IR, cloud, infrastructure, compliance, and executive stakeholders to translate security and telemetry needs into actionable outcomes.

• Knowledge of Azure cloud technology including knowledge of Azure AD, Log Analytics and Sentinel. Exposure to SOAR technologies and DevOps experience is a plus

• Knowledge and experience with scripting languages such as Python, Power

Shell and Bash:

• Several years’ experience working in a large global virtual environment

• Strong English language skills – written and verbal

Ideally, you’ll also have

• Bachelor's degree in computer related field or equivalent work experience.

• GSEC/CISSP or other security related generalist certification from ISC2 or GIAC

• Information Technology Infrastructure Library (ITIL v2, v3 or v4 Foundation training)

• Experience in project management, service introduction, and service readiness

What we look for

This role is perfect for you, if you have excellent problem solving, decision making and communication skills.

We are looking for people who are comfortable working with culturally diverse on/offshore team members, able to react appropriately during stressful and ambiguous situations.

What working at EY offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around

• Opportunities to develop new skills and progress your career

• The freedom and flexibility to handle your role in a way that’s right for you

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.