Enterprise Logging Solution Lead

Enterprise Logging Solution Lead

The U.S. Customs and Border Protection (CBP) Cyber Security Directorate (CSD) is leading one of the most comprehensive, mission‑critical cybersecurity operations in the federal government—protecting the digital infrastructure that safeguards America’s borders. This multifaceted program spans 24/7/365 Security Operations Center (SOC) monitoring, advanced threat intelligence, forensics, incident response, cloud and network security engineering, zero trust modernization, vulnerability assessment, and enterprise‑wide risk and compliance activities.

Key Leads on this program will guide teams at the forefront of national security, supporting sophisticated cyber operations that defend vital systems, enable secure mission execution, and counter rapidly evolving threats. You will find this work uniquely impactful, fast‑paced, and deeply collaborative, offering the opportunity to lead high‑performing technical teams, shape CBP’s cybersecurity strategy, and contribute directly to the protection of the nation.

As the Enterprise Logging Solution (ELS) Lead, you will:

• Guide the evolution of CBP’s enterprise‑wide SIEM and logging architecture.
• Shape how CBP ingests, analyzes, and operationalizes massive volumes of security telemetry across cloud and on‑prem environments, enabling threat detection, audit readiness, and real‑time security insights.
• Engineer advanced logging pipelines, lead implementations of new data sources, develop dashboards used by mission owners and executives, and modernize SIEM capabilities that directly support national security operations.

• Secret with Top Secret eligibility clearance required.
• Minimum of five (5) last years of experience serving as a senior Certified Splunk Administrator or Architect.
• Understanding and practical experience in applying project management principles.
• Experience with interconnected, heterogeneous systems.
• Strong understanding of industry standards and technologies with experience in the application supporting a Federal Government security operations organization.
• Experience in an enterprise IT environment as an applications or systems administrator working in Windows and Linux environments.
• Experience with Linux or Windows scripting languages and automation.
• Strong networking background and security background.
• Experience with cloud orchestration tools and a strong understanding of Amazon Web Services cloud.
• One of the following certifications (listed in order of preference):
  Certified Splunk Architect (II) or Certified Information System Security Professional (CISSP).

• Bachelor’s degree in computer science, information technology, or related field preferred.
• Previous or Current CBP Background Investigation preferred.