Security Engineer
Job in Fairfax, Fairfax County, Virginia, 22032, USA
Listed on 2026-03-03
Listing for: Electronic Consulting Services, Inc (ECS Federal)
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Systems Engineer, Network Security
Job Description & How to Apply Below
ECS is seeking a Security Engineer to work in our Fairfax, VA office in a hybrid onsite/remote capacity.
ECS is seeking a seasoned Security Engineer to support robust Impact Level (IL) 5 and IL6 programs in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE). The Security Engineer is a critical role responsible for implementing, optimizing, and maintaining an Azure Sentinel Security Information and Event Management (SIEM) solution; ensuring optimal log ingestion into the Enterprise SIEM; and providing expertise on all security-related functions within the environment. The Security Engineer reports to the Project Manager and acts as a senior member of a multidisciplinary organization that delivers excellence in AI/ML innovation in on-premises and cloud-native environments.
The Security Engineer position is a demanding, high-energy role that requires a blend of leadership, strategic, and technical acumen to drive program initiatives. The ideal candidate has proven expertise in managing security for hybrid and cloud environments, including identity, networking, and data protection; in-depth knowledge and hands-on expertise with Azure services; scripting proficiency (PowerShell / Azure CLI); experience in threat protection, compliance, and security operations with Microsoft Sentinel and/or Microsoft Defender for Cloud; and essential soft skills (analytical thinking, problem-solving, and communication).
General responsibilities:
- Implement best practices for all security-related functions (e.g., Sentinel, Entra ID, Azure IAM, Purview, Active Directory, ADFS, etc.).
- Ensure effective deployment of Security Information and Event Management (SIEM) solutions, and manage costs associated with log ingestion and retention.
- Configure and manage Azure Sentinel data sources, such as Azure Activity Logs, Azure Security Center, Microsoft Defender for Cloud, and third-party data sources.
- Evaluate existing Azure Sentinel architecture, including data connectors, analytics rules, logic apps, workbooks, and automation playbooks; identify opportunities for improvement and provide alternative recommendations.
- Develop and maintain custom analytics rules, hunting queries, and machine learning models to effectively detect and respond to security threats.
- Collaborate with Security Operations teams to investigate and respond to security incidents, and ensure logs are appropriately pushed to the Enterprise SIEM.
- Optimize Azure Sentinel performance, scalability, and cost-effectiveness through appropriate configuration and resource management.
- Maintain currency with the latest Azure Security features, security best practices, and industry trends; continually improve the organization's security posture.
- Provide best practices for the Azure Sentinel platform: identify security detection gaps in infrastructure and process, and develop effective mitigation plans.
- Demonstrate excellent judgment, prioritization and communication of technical security risks, and act as a security liaison while supporting the Security Operations Center (SOC).
- Train SOC Analysts on utilizing cloud-native tools to perform routine security monitoring and incident response activities, leveraging existing dashboards and alerts.
- Provide technical guidance, mentoring, and knowledge-sharing to junior team members and other stakeholders.
- Other duties, as assigned.
- U.S. Citizen.
- DoD Secret security clearance, with the ability to obtain a DoD Top Secret security clearance with Sensitive Compartmented Information indoctrination (TS/SCI).
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related STEM (Science, Technology, Engineering and Mathematics) discipline; 8+ years of equivalent professional experience in lieu of a degree.
- Current DoD 8140 IAT Level II or higher certification (e.g., CompTIA Security+).
- Ability to work in a hybrid capacity, with up to 3 business days per week onsite in Fairfax, VA.
- Ability to travel < 20% to CONUS/OCONUS customer sites and government installations, as needed.
- 6+ years of progressive, hands-on experience in cybersecurity, primarily…