
Cyber Defense Engineer - SIEM

About NorthMark Strategies:

At NorthMark Strategies, we believe the future isn't something to hope for, it's something to build. We don't just invest, we create, bringing together strategic insight and technical horsepower to deliver outcomes that endure.

About the Role:

The Cyber Defense Engineer – SIEM reports to the Director of Cyber Defense and operates within the Office of the CISO. This role is responsible for architecting, developing, and implementing advanced security solutions that enhance cyber defense investigations and incident response capabilities.

This position places a strong emphasis on AI-driven security engineering, including the development of intelligent detection systems, automation pipelines, and data-driven defense mechanisms. The ideal candidate will combine deep expertise in the Microsoft security ecosystem with experience leveraging artificial intelligence and machine learning to improve SIEM/SOAR performance, detection fidelity, and operational efficiency.

You will collaborate across IT and security teams to design scalable logging, enrichment, and response architectures, while continuously advancing the organization's AI-enabled SIEM engineering maturity.

Responsibilities Include, but Are Not Limited to:

Design, develop, and deploy AI-enhanced detections and automations within the SIEM/SOAR platform to improve signal-to-noise ratio and reduce alert fatigue.
Engineer and optimize SIEM pipelines using AI/ML techniques for anomaly detection, behavioral analytics, and threat correlation.
Integrate SIEM with security tools and data sources to build a context-rich, intelligence-driven monitoring ecosystem.
Develop and implement AI-assisted threat detection models, including user/entity behavior analytics (UEBA) and predictive analytics.
Collaborate with cyber defense operations to identify emerging threats and capability gaps, leveraging AI to proactively strengthen defenses.
Build and maintain automated response orchestration and intelligent playbooks that adapt based on threat context.
Design automation for alert enrichment, triage, and response using both rule-based and AI-assisted decisioning frameworks.
Partner with IT and engineering teams to ensure comprehensive telemetry collection and high-quality data pipelines.
Continuously improve SIEM engineering practices, including data normalization, enrichment strategies, and AI model tuning.
Support SOC operations by enhancing detection engineering, incident response workflows, and operational metrics through AI augmentation.

Requirements and Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field.
4–6+ years of experience in cybersecurity engineering, SOC engineering, or insider threat.
Demonstrated expertise in SIEM engineering and security monitoring at scale.
Experience integrating or developing AI/ML capabilities within security operations or detection engineering.
Strong understanding of the Microsoft security stack (e.g., Sentinel, Defender suite).
Proficiency with automation tooling and scripting languages (KQL, Python, PowerShell).
Proficiency in API development with the goal of integrating security tooling.
Familiarity with various log ingestion methodologies into a SIEM environment.
Experience in multi-tenant or MSP-like environments is a plus.
Highly motivated self-starter who thrives on positively influencing the environment.