SIEM​/Tool Engineer

Qualifications

• Minimum of 8 years with BS/BA;
  Minimum of 6 years with MS/MA;
  Minimum of 3 years with PhD
• Clearance:
  Active TS/SCI clearance.
• Candidate must meet ONE of the following:
  • Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (documented advanced SIEM/forensics/analytics coursework); OR
  • Relevant professional certification or equivalent experience (examples: GREM; CFR; CySA+; GCFA; GCFE; Pen Test+).
• Required experience and skills:
  • Security engineering, SIEM/platform engineering, or analytics platform experience with at least 3 years architecting/operating enterprise SIEM solutions.
  • Deep expertise in log parsing/normalization, ingestion pipelines, detection rule design, dashboarding, and alert/workflow automation.
  • Hands‑on experience with major SIEM/analytics platforms (e.g., Splunk, Elastic, QRadar, Microsoft Sentinel) and related ecosystem tooling.
  • Proven ability to perform capacity planning, performance tuning, high‑availability design, and platform upgrade/migration activities.
  • Strong scripting/automation skills (Python, Power Shell, Bash), familiarity with data pipelines, and ability to produce audit‑quality export/evidence flows.
• Desired:
  • Prior DoD/ARNG SIEM engineering or SOC platform experience and familiarity with RMF/evidence workflows.
  • Training such as DC3 Cyber Forensics Course and advanced forensic/IR certifications (e.g., GREM, GCFA) preferred.

We are seeking a highly skilled and innovative SIEM/Tool Engineer to join our team in the greater DMV area, supporting the Army National Guard.

• Architect, administer, and scale enterprise SIEM and security monitoring platforms; integrate telemetry from network, endpoint, cloud, identity, and OT sources.
• Develop and maintain parsing/normalization logic, data enrichment pipelines, dashboards, alerting, and automated workflows to support detection and analytic scalability.
• Implement performance optimization strategies, capacity planning, and tuning to ensure reliable, high‑volume ingestion and query performance.
• Lead platform upgrades, patching, health monitoring, configuration management, and high‑availability operations to sustain operational resilience.
• Build and maintain reusable correlation rules, detection content, and analytic libraries; collaborate with detection engineers to operationalize use cases.
• Design and oversee retention, storage, and evidence export processes to support investigations, RMF/evidence needs, and auditability.
• Troubleshoot platform issues, conduct root‑cause analysis of ingestion/parsing failures, and coordinate remediation with data engineering and security teams.
• Establish platform governance, hardening baselines, access controls, and operational runbooks; mentor platform operators and engineers.
• Produce architecture artifacts, capacity/health reports, and executive summaries to inform leadership and roadmap decisions.