Senior SIEM Engineer

Job not on LinkedIn

🔥 2 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Valiant Solutions

WebsiteLinkedInAll Job Openings

201 - 500 employees

Founded 2005

🔒 Cybersecurity

🏛️ Government

Cybersecurity • Government • Information Technology

Valiant Solutions is a cybersecurity and IT services firm that specializes in securing the future by providing comprehensive and customized solutions to challenges faced by the Federal Government. With a focus on security engineering, operations, and strategic risk governance, the company addresses complex information security challenges through innovative application development and enterprise architecture. Recognized for its commitment to excellence, Valiant Solutions has been awarded numerous contracts and honors for its impactful contributions in the cybersecurity field.

📋 Description

• Lead the architecture, deployment, upgrade, and sustainment of the SIEM environment supporting the client's SOC, including indexer and search head clusters, forwarders, and supporting infrastructure. • Monitor SIEM platform health, license usage, indexing latency, search performance, and ingest rates, and proactively address capacity, performance, and availability issues. • Onboard new data sources by defining requirements, configuring inputs and forwarders, building parsing and field extractions, and validating Common Information Model (CIM) compliance. • Develop, tune, and maintain correlation searches, notable events, dashboards, reports, and data models that support Tier 1 triage within fifteen minutes of detection and Tier 2 analysis within four hours of escalation. • Build and maintain SOC dashboards that provide real-time visibility into the client's security posture, supporting both day-to-day operations and executive reporting. • Translate detection requirements from threat hunters, CTI analysts, and engineering teams into production SIEM content mapped to the MITRE ATT&CK framework. • Integrate SIEM with SOAR, EDR, NDR, DLP, CDM, vulnerability management, and identity platforms to support automated triage, enrichment, and response. • Reduce false positive rates and alert fatigue by tuning correlation rules, refining thresholds, and applying risk-based alerting techniques. • Support incident response by building investigation queries, producing timeline reconstructions, preserving evidence, and contributing artifacts to initial incident reports within one hour of confirmation and final reports within seventy-two hours. • Author and maintain Engineering Design Documents, Standard Operating Procedures, runbooks, and configuration guides for the SIEM environment, and review them on the cadence required by the SOC CONOPS. • Partner with the Security Architect and engineering leads to align SIEM design with Zero Trust principles, the client's Technology Standards, and the agency's broader cybersecurity reference architecture. • Manage SIEM-related changes through the client's change control process, including impact assessments, back-out plans, and presentations to the Engineering Review Board and Change Control Board. • Provide knowledge transfer and informal training to SOC analysts, engineers, and system owners on SIEM usage, search development, and dashboard interpretation. • Apply secure configuration baselines, role-based access controls, and audit logging to the SIEM environment to meet federal compliance requirements. • Track and report on SIEM-related metrics, including ingest volume by source, detection coverage by MITRE technique, mean time to detect, and platform availability. • Stay current on SIEM product roadmap items, new applications and add-ons, and emerging detection techniques, and recommend improvements to the client's SIEM strategy.

🎯 Requirements

• Eight or more years of cybersecurity engineering experience, with at least five years dedicated to SIEM architecture, administration, and content development. • Hands-on experience designing and operating distributed SIEM deployments at enterprise scale, including indexer clusters, search head clusters, heavy and universal forwarders, deployment servers, and license management. • Demonstrated experience writing, tuning, and optimizing queries, correlation searches, data models, accelerated summaries, lookups, and macros. • Working knowledge of security focused SIEM components, including notable event framework, risk-based alerting, asset and identity frameworks, and adaptive response actions. • Experience in onboarding diverse data sources at scale, including operating system logs, network flow and packet data, cloud platform logs (AWS CloudTrail, GuardDuty, VPC Flow, Config), endpoint telemetry, application logs, and identity provider logs. • Experience integrating SIEM with SOAR platforms, Endpoint Detection and Response tools, Continuous Diagnostics and Mitigation (CDM) data feeds, vulnerability management platforms, and ticketing systems such as ServiceNow. • Working knowledge of AWS GovCloud services and the design patterns used to forward, normalize, and secure log data from cloud-native sources. • Familiarity with the MITRE ATT&CK framework and experience translating adversary techniques into SIEM detection content. • Working knowledge of NIST SP 800-53, NIST SP 800-61, and NIST SP 800-137, and the ability to map SIEM controls and continuous monitoring practices to those frameworks. • Experience supporting incident response activities, including building investigation dashboards, preserving log evidence, and producing artifacts for post-incident reporting. • Strong scripting and automation skills in at least one of Python, Bash, or PowerShell, and comfort with version control using Git. • Beneficial Splunk certifications: Splunk Core Certified Power User and Splunk Enterprise Certified Admin. Splunk Certified Architect, Splunk Enterprise Security Certified Admin, or Splunk Core Certified Consultant is strongly preferred. • Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance at the Tier 4/6c level. • Strong written and verbal communication skills, with the ability to brief technical findings to SOC leadership, ISSOs, and senior Government officials.

🏖️ Benefits

• Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees • Valiant contributes 25% towards Health Coverage for Family and Dependents • 100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees • 100% Paid Certifications • 401K Matching up to 4% • Paid Time Off • Paid Federal Holidays • Wellness & Fitness Program • Valiant University – Online Education and Training Portal • FSA programs for: Medical Costs, Dependent Care, Transit, and Parking • Referral Bonuses