SIEM ANALYST

Job in Herndon, Fairfax County, Virginia, 22070, USA
Listing for: Peraton
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity
  • Engineering
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 85,000 - 100,000 USD yearly
Job Description & How to Apply Below

Qualifications

  • Experience: 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
  • Clearance:
    Active TS/SCI clearance.
  • Candidate must meet ONE of the following:
    • Bachelor’s degree in Cybersecurity; OR
    • Relevant professional certification or equivalent experience (examples: CySA+; GCIA; CEH); OR
    • Relevant DoD/military training (example: Splunk Core Certified Power User).
  • Required experience and skills:
    • SIEM, SOC, or security analytics experience with hands‑on alert investigation and correlation responsibilities.
    • Proficiency writing and tuning correlation logic/queries in one or more SIEM platforms (e.g., Splunk, Elastic, QRadar, Sentinel) and working knowledge of log formats/normalization.
    • Experience with endpoint telemetry, network flows, authentication logs, cloud logs, and threat‑intelligence enrichment.
    • Strong incident documentation, analytic writing, and case management skills; ability to produce reproducible investigation artifacts.
    • Capability to identify and remediate data‑quality and ingestion issues in coordination with data engineering teams.
  • Desired:
    • Prior DoD/ARNG SOC or classified‑environment SIEM experience.
    • Familiarity with MITRE ATT&CK mapping for detection use cases, SOAR integrations, and detection performance metrics (precision/recall, MTTD).
    • Experience mentoring junior analysts and contributing to a detection engineering backlog.

We are seeking a highly skilled and innovative SIEM Analyst to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities
  • Review complex SIEM events, logs, and alerts; correlate telemetry from network, endpoint, identity, and cloud sources to detect anomalous activity.
  • Investigate incidents through multi‑source correlation, timeline reconstruction, enrichment with threat intelligence, and IOC validation.
  • Build and update intermediate‑level correlation rules, alert logic, and detection filters to address evolving use cases and improve fidelity.
  • Document triage results, maintain investigation records with analytic notes, and categorize incidents per escalation criteria.
  • Support tuning by identifying systemic false positives, refining rule parameters, and proposing detection enhancements.
  • Collaborate with SOC analysts, threat hunters, cybersecurity engineers, and incident responders to provide technical context and preliminary root‑cause assessments.
  • Maintain SIEM dashboards and operational reporting: update visualizations, refine queries, and validate metric accuracy.
  • Verify ingestion, parsing, and normalization of log sources; perform data‑quality checks and report visibility gaps for remediation.
  • Apply detection playbooks and organizational policies to sustain continuous monitoring across all enclaves.
  • Contribute to SIEM operations improvement by refining analytic workflows, updating documentation, and adopting new platform capabilities.
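Several of the responsibilities above (multi-source correlation, tuning rules against systemic false positives, detection metrics such as precision and recall, and checking that log sources are parsed and normalized) fit in one small script. What follows is an added example written for this page; it is not code from the listing, from Peraton, or from the Army National Guard program. The log lines, hostnames, users and IP addresses are constructed, and the rule, its thresholds and its mapping to ATT&CK T1110 (Brute Force) are illustrative choices, not the program's actual detection content.

```python
"""Added example: normalize two raw log formats, apply a brute-force-then-success
correlation rule, score it against labelled ground truth to tune the failure
threshold, and report lines that could not be normalized (visibility gap)."""
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample input (hypothetical hosts, users and IPs) ----------
# Windows-style logon events: 4625 = failed logon, 4624 = successful logon.
RAW_AUTH = [
    "2024-05-01T10:00:01Z host=dc01 event=4625 user=alice src=10.0.0.5",
    "2024-05-01T10:00:05Z host=dc01 event=4625 user=alice src=10.0.0.5",
    "2024-05-01T10:00:09Z host=dc01 event=4625 user=alice src=10.0.0.5",
    "2024-05-01T10:00:12Z host=dc01 event=4625 user=alice src=10.0.0.5",
    "2024-05-01T10:00:20Z host=dc01 event=4624 user=alice src=10.0.0.5",
    "2024-05-01T10:05:00Z host=dc01 event=4625 user=bob src=10.0.0.9",
    "2024-05-01T10:05:30Z host=dc01 event=4625 user=bob src=10.0.0.9",
    "2024-05-01T10:05:40Z host=dc01 event=4625 user=bob src=10.0.0.9",
    "2024-05-01T10:06:00Z host=dc01 event=4624 user=bob src=10.0.0.9",
    "2024-05-01T10:10:00Z host=dc01 event=4624 user=carol src=10.0.0.7",
    "2024-05-01T10:11:00Z host=dc01 event=4624 src=10.0.0.8",  # user field missing
    "###",                                                      # unparseable line
]
# Endpoint process-start telemetry in a different, pipe-delimited format.
RAW_ENDPOINT = [
    "2024-05-01T10:00:45Z|endpoint|alice|powershell.exe",
    "2024-05-01T10:07:00Z|endpoint|bob|outlook.exe",
    "2024-05-01T10:12:00Z|endpoint|carol|explorer.exe",
]
# Labelled ground truth for the constructed data: only alice's logon is an
# attack; bob mistyped his password three times and then logged in normally.
TRUE_POSITIVES = {("alice", "10.0.0.5")}
RULE = {"name": "brute_force_then_success", "attack_technique": "T1110"}  # illustrative
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_auth(line):
    """Normalize one auth line; return None if it cannot be normalized."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], TS_FORMAT)
    except ValueError:
        return None
    kv = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not all(k in kv for k in ("event", "user", "src")):
        return None
    outcome = {"4624": "success", "4625": "failure"}.get(kv["event"])
    if outcome is None:
        return None
    return {"ts": ts, "user": kv["user"], "src": kv["src"], "outcome": outcome}


def parse_endpoint(line):
    """Normalize one endpoint line; return None if it cannot be normalized."""
    fields = line.split("|")
    if len(fields) != 4:
        return None
    try:
        ts = datetime.strptime(fields[0], TS_FORMAT)
    except ValueError:
        return None
    return {"ts": ts, "user": fields[2], "process": fields[3]}


def normalize(raw_lines, parser):
    """Split raw lines into normalized events and rejected lines (data-quality gap)."""
    events, rejected = [], []
    for line in raw_lines:
        ev = parser(line)
        (rejected if ev is None else events).append(line if ev is None else ev)
    return events, rejected


def correlate(auth, endpoint, min_failures, fail_window=timedelta(minutes=2),
              exec_window=timedelta(minutes=5)):
    """Fire when >= min_failures failures for (user, src) within fail_window are
    followed by a success for that pair and a process start by that user within
    exec_window. Returns the set of (user, src) pairs that fired."""
    failures, alerts = defaultdict(list), set()
    for ev in sorted(auth, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= fail_window]
        if len(recent) < min_failures:
            continue
        if any(e["user"] == ev["user"] and timedelta(0) <= e["ts"] - ev["ts"] <= exec_window
               for e in endpoint):
            alerts.add(key)
    return alerts


def precision_recall(alerts, true_positives):
    """Precision and recall of the fired alerts against labelled ground truth."""
    tp = len(alerts & true_positives)
    precision = tp / len(alerts) if alerts else 0.0
    recall = tp / len(true_positives) if true_positives else 0.0
    return precision, recall


def run(min_failures):
    """Normalize both sources, apply the rule at one threshold, and score it."""
    auth, bad_auth = normalize(RAW_AUTH, parse_auth)
    endpoint, bad_endpoint = normalize(RAW_ENDPOINT, parse_endpoint)
    alerts = correlate(auth, endpoint, min_failures)
    precision, recall = precision_recall(alerts, TRUE_POSITIVES)
    return {"alerts": alerts, "precision": precision, "recall": recall,
            "rejected": bad_auth + bad_endpoint}


if __name__ == "__main__":
    for n in (3, 4):
        r = run(n)
        print(f"{RULE['name']} ({RULE['attack_technique']}) min_failures={n}: "
              f"alerts={sorted(r['alerts'])} precision={r['precision']:.2f} "
              f"recall={r['recall']:.2f}")
    print("lines not normalized (report as visibility gap):", run(3)["rejected"])
```

At a threshold of three failures the rule catches the attack but also fires on bob's mistyped password (precision 0.5, recall 1.0); raising the threshold to four keeps recall at 1.0 and lifts precision to 1.0 on this data, which is the kind of parameter refinement the tuning responsibility describes. The two rejected lines (one missing the `user` field, one unparseable) are the ingestion defects that would be handed to the data engineering team rather than silently dropped.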