Detection Engineer

Job Overview

Nelnet’s Cybersecurity Log Operations Engineers operate as a shared service across multiple business lines representing a hybridized attack surface covering on premise and cloud‑based elements. This position supports the company’s contract with the United States Department of Education (ED) and requires U.S. citizenship and a successful U.S. government security clearance.

• Self‑starter that consistently produces outstanding results with minimal supervision.
• Exceptional troubleshooting skills and meticulous attention to detail.
• Monitors and works with logs in SIEM tools and other log aggregators such as Google Observability.
• Builds and maintains cloud infrastructure on AWS, Azure, and Google Cloud.
• Verifies if threat findings are actual threats or false positives.
• Sets up logging sources, data routes, and data transformations inside of Cribl.
• Participates in department‑wide change control and IT governance processes on behalf of the Nelnet Cyber Security Group (CSG).
• Stays up to date on the latest global threat landscape and threat intelligence.
• Responds to audit findings and creates/maintains evidence documentation.
• Develops and maintains documentation for security‑related systems.

• Bachelor’s degree in cybersecurity, computer science, systems administration, information systems, or related areas.
• Minimum four years of experience implementing and supporting cybersecurity technologies such as SIEM, SOAR, database monitoring, threat detection mechanisms, alarming mechanisms, and operational logging and alerting for business applications.
• Experience working with a remote team via collaboration tools (Microsoft Teams, E‑Mail, and Video Conferences).
• Experience with Power Shell, Python, BASH, Chef, or Ansible.
• U.S. citizenship and successful U.S. government security clearance.

• Cybersecurity certifications:
  Security+, SSCP, CISSP, GSEC, GCIA, GMON, GCDA.
• IT certification in system administration and log management tools.
• Enterprise level experience with SIEM products, Google Sec Ops, Google Cloud Observability, Splunk, Cribl, Datadog, Sysmon, Syslog, Windows Event logs, Linux Red Hat, Atlassian products (Jira, Confluence), and Service Now security modules (VR, GRC).

$100,000 – $110,000 depending on experience.

We are not able to provide visa sponsorship. Candidates must already be authorized to work in the United States without current or future sponsorship.

Medical, dental, vision, HSA and FSA, generous earned time off, 401(k) with student loan repayment, life insurance & ADA insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance‑based incentive pay, short‑ and long‑term disability, and a robust wellness program.

Nelnet is an Equal Opportunity Employer. We consider all qualified applicants for employment. Our hiring decisions are made without regard to race, color, religion, national origin, sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by federal, state, or local law. Qualified individuals with disabilities who require reasonable accommodations may request such accommodations by contacting Corporate Recruiting at 402‑486‑5725 or c