As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless onslaught of cyber threats. SIEM engineers meticulously monitor, analyze and manage security events and incidents within an organization. They leverage SIEM tools to aggregate and correlate data, enabling them to detect anomalies, identify potential threats and respond swiftly to security incidents.

In their arsenal of tools, SIEM engineers also employ Security Orchestration, Automation, and Response (SOAR) and Extended Detection and Response (XDR) products. SOAR is a suite of solutions that allow organizations to collect data about security threats from multiple sources and respond to low-level security events without human assistance. It streamlines and automates the response process, enabling SIEM engineers to focus on more complex tasks. XDR solutions unify control and visibility across multiple security layers — endpoints, network and servers, extending detection and response capabilities beyond the traditional perimeter, providing a holistic view of the threat landscape. By integrating SOAR and XDR into their workflows, SIEM engineers can enhance their threat detection capabilities, automate repetitive tasks and respond to incidents more efficiently and effectively.

This article aims to help aspiring SIEM engineers on their career journey, shedding light on the skills, qualifications and experiences that will equip them for this challenging yet rewarding profession.

In this exclusive Q&A, we spoke with Rod Soto, a senior principal security research engineer for a leading SIEM solution provider. He has years of experience as a SIEM engineer and is a regular presenter at many cybersecurity conferences, researcher for HackMiami and founder of Silicon Valley’s Pacific Hackers Meetup group.

What is SIEM?

Did you go to college?

Yes, I went to college. I have a bachelor’s degree in Psychology.

What did you go to school for? If not, what certifications did you obtain?

Psychology. I did obtain several IT Security certifications such as CISSP, Security+, Pentest+, GIAC, INE, etc.

What was your first role in IT?

System administrator.

If it wasn’t in security, what pushed you to pursue security?

I was always interested in information security and the hacking culture.

What is the most valuable skill you learned in your role?

Learn to think outside the box.

What soft skills do you think make a person successful a) in cybersecurity and b) specifically in SIEM engineering?

You have to have the ability to communicate and put yourself in someone else’s shoes, the ability to learn new things and technologies that will work with or integrate with SIEM.

Operating SIEM usually involves operators being able to pick up on abnormal signals, which then need to be triaged and discussed with teams of peers and superiors. The ability to spot and communicate the reasoning behind chosen alerts or incidents is fundamental to maintaining efficient operations. Also, many times when in SIEM, operators will have to communicate with either internal clients (other departments or users) or external clients.

Any parting thoughts or final piece of advice to someone looking into becoming a SIEM engineer?

Learning the fundamentals of manipulating texts and logs. Operation and knowledge of *nix operating systems are very important. Networking skills and knowledge of TCP/IP are also necessary, and this will also include packet analysis skills (Wireshark, tcpdump). Some security certifications, such as Security+ or CCNA Cyber, can help a lot in understanding security fundamentals, data labels and security operations center fundamentals.

Become familiar with SIEM technology vendors as well, download free versions of them and practice; many of them have free training and certifications — take them.