SIEM Linux Security Jobs
SIEM platforms are central to security operations in Linux environments, aggregating logs and events from Linux hosts, network devices, and cloud services to detect and respond to threats in real time. SIEM engineers deploy and tune platforms, write detection rules, investigate alerts, and integrate log sources across hybrid Linux infrastructure.
Frequently Asked Questions
- Splunk is the most widely deployed commercial SIEM in Linux environments, followed by IBM QRadar, Microsoft Sentinel, and Elastic SIEM. Open-source options include Wazuh (built on the Elastic stack) and OpenSearch Security Analytics. Cloud-native SIEMs like Google Chronicle and AWS Security Lake are growing in adoption.
- Common Linux log sources include syslog, auditd, journald, PAM authentication logs, firewall logs from iptables or nftables, and application-specific logs. Container and Kubernetes log aggregation via Fluentd, Fluent Bit, or the OpenTelemetry Collector feeds into SIEM platforms alongside host-based sources.
- A Security Operations Centre (SOC) is the team that monitors, analyses, and responds to security events. SIEM is the primary tooling that SOC analysts use for log aggregation, alert triage, and incident investigation. SIEM engineers are typically responsible for platform administration, rule authoring, and integrations, while SOC analysts handle day-to-day alert response.
- SIEM roles on Linux job boards typically require experience with one or more platforms (Splunk, Sentinel, Elastic), Linux log analysis, regular expression and query language proficiency (SPL, KQL, Lucene), and understanding of the MITRE ATT&CK framework for detection rule mapping. Scripting in Python or Bash for log parsing and automation is commonly expected.
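As an added illustration of the two skills the last two answers describe (parsing Linux PAM/sshd authentication logs from syslog and turning them into an ATT&CK-mapped detection rule), the script below is example code written for this page, not part of any SIEM product. The log lines, hostnames and addresses are constructed samples; the threshold and window are assumed values that a real rule would tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (sshd via PAM/syslog); not from a real host.
SAMPLE_LOG = """\
Jan 10 09:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 10 09:12:03 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 10 09:12:04 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jan 10 09:12:06 web01 sshd[2217]: Failed password for root from 203.0.113.7 port 51027 ssh2
Jan 10 09:12:08 web01 sshd[2219]: Failed password for root from 203.0.113.7 port 51029 ssh2
Jan 10 09:12:09 web01 sshd[2221]: Accepted publickey for deploy from 198.51.100.4 port 40011 ssh2
Jan 10 09:15:30 web01 sshd[2230]: Failed password for alice from 198.51.100.4 port 40020 ssh2
"""

# Field extraction, the "parse" stage a SIEM applies before any rule runs.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failed_logins(text):
    """Normalise sshd 'Failed password' lines into events; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year; strptime defaults it, which is
            # fine here because only differences between timestamps are used.
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            events.append({"ts": ts, "host": m.group("host"),
                           "user": m.group("user"), "src": m.group("src")})
    return events


def detect_bruteforce(events, threshold=5, window_s=60):
    """Sliding-window rule: >= threshold failures from one source within window_s
    seconds. Alerts are tagged with ATT&CK T1110 (Brute Force) for rule mapping."""
    alerts, by_src = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        q = by_src[e["src"]]
        q.append(e)
        while (e["ts"] - q[0]["ts"]).total_seconds() > window_s:
            q.pop(0)  # drop failures that have aged out of the window
        if len(q) >= threshold:
            alerts.append({"technique": "T1110", "src": e["src"], "host": e["host"],
                           "count": len(q), "users": sorted({x["user"] for x in q})})
            q.clear()  # one alert per burst, not one per extra failure
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(parse_failed_logins(SAMPLE_LOG)):
        print(a)
```

The single failure from 198.51.100.4 never reaches the threshold, so only the burst from 203.0.113.7 produces an alert; raising the threshold or shrinking the window shows how tuning trades false positives against missed bursts.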