DoW SIEM/SOAR Program Lead

Kearney & Company, Washington, DC
$103,000 - $180,000

About The Position

Kearney and Company is seeking a DoW SIEM/SOAR Program Lead to join our growing team. The SIEM/SOAR Program Lead directs all activities related to Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and security logging services for enterprise financial systems. This leader ensures that logging, monitoring, and security automation capabilities meet financial audit requirements, compliance frameworks (e.g., FISCAM, NIST 800-53), and organizational security policies. The role oversees onboarding of systems to SIEM/SOAR solutions, supports continuous monitoring, drives audit readiness activities, develops system-level and enterprise-level documentation, and ensures sustained operational performance across the security monitoring ecosystem. Key responsibilities include, but are not limited to, those listed under Responsibilities below.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Systems, Engineering, or related discipline.
  • Minimum 8 years of experience in cybersecurity operations, security monitoring, SIEM/SOAR engineering, or related technical leadership.
  • At least 2 years of federal or DoW experience.
  • SIEM-relevant certification (e.g., Splunk Certified, GIAC Certified Detection Analyst, CISSP, CISA, CISM, Security+).
  • Hands-on experience with SIEM platforms (e.g., Splunk, Elastic, Azure Sentinel, IBM QRadar) and SOAR technologies.
  • Strong understanding of logging, monitoring, audit controls, correlation rules, and compliance frameworks (e.g., NIST, FISCAM, SOC, RMF).
  • Demonstrated ability to lead complex multi-system onboarding and integration efforts across large enterprises.
  • Experience coordinating with managed security providers or cybersecurity service partners.
  • Excellent communication, stakeholder management, and project management skills.
  • Proven ability to lead cross-functional technical teams and coordinate with government stakeholders, service providers, and system owners.
  • Ability to work effectively under pressure and manage multiple priorities.
  • Active Secret clearance (minimum), with ability to obtain TS/SCI if required.
  • Ability to travel up to 25%

Nice To Haves

  • Experience with cloud-native SIEM/SOAR solutions (AWS, Azure, GCP).
  • Familiarity with DoW or other federal cybersecurity frameworks and governance processes.
  • Expertise with the GAO FISCAM and how auditors test logging requirements.
  • Background in creating architecture diagrams, technical documentation, and operational playbooks.
  • Experience with automation tools, AI/ML‑based anomaly detection, and orchestration frameworks.
  • Prior involvement in financial system audits, NFR remediation, or FISCAM-related identity controls.
  • Strong communication skills for executive reporting, cross-functional coordination, and audit engagement.
  • Prior leadership roles within DoW, federal consulting, or large-scale modernization initiatives.

Responsibilities

  • Lead the overall SIEM/SOAR program, including governance, roadmap management, progress reporting and coordination with stakeholders.
  • Direct the onboarding of financial systems logs into SIEM, with a focus on financial audit compliance.
  • Validate logging, monitoring, and audit requirements and assess design constraints and gaps.
  • Oversee ongoing SIEM/SOAR operations, including log ingestion, monitoring, detection, analytics, automation, and performance management.
  • Develop and maintain documentation such as system design documents, playbooks, CONOPS, architectures, and reporting dashboards.
  • Support audit compliance by providing evidence, addressing findings, and ensuring monitoring capabilities meet audit and FISCAM requirements.
  • Lead incident monitoring, alerting, escalation, and response processes across the environment.
  • Manage integration of cloud‑native logging, analytics, visualization tools, and AI/ML enhancements.

Benefits

  • Medical, Dental, Vision, Life, AD&D, and Disability Insurance
  • 401(k) Retirement Plan and 529 Education Savings Plan
  • Flexible Spending & Health Savings Account
  • Accident, Critical Illness, Hospital Indemnity Insurances
  • Legal Insurance and Pet Insurance
  • Employee Assistance Program, fitness and wellness benefits, and other firm benefits
  • Paid holidays, vacation, and sick time

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 501-1,000 employees

© 2024 Teal Labs, Inc