Enterprise Logging Solution (ELS) Lead

SOSi, Ashburn, VA
Hybrid

About The Position

This position is contingent upon contract award. SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP's enterprise logging ecosystem across on-premises, cloud, and hybrid environments.

Requirements

  • Five (5) years of experience serving as a senior Certified Splunk Administrator or Architect.
  • Understanding and practical experience in applying project management principles.
  • Experience with interconnected, heterogeneous systems; strong understanding of industry standards and technologies with experience in the application supporting a Federal Government security operations organization.
  • Experience in an enterprise IT environment as an applications or systems administrator working in Windows and Linux environments.
  • Experience with Linux and/or Windows scripting languages and automation.
  • Strong networking background.
  • Strong security background.
  • Experience with cloud orchestration tools and a strong understanding of Amazon Web Services cloud.
  • One of the following (listed in order of preference): Certified Splunk Architect II, CISSP.
  • Secret clearance (TS eligible).

Responsibilities

  • Lead architecture, engineering, configuration, and optimization of enterprise logging platforms supporting DHS SOC operations.
  • Serve as the senior technical authority for SIEM engineering, log ingestion pipelines, parsing, data normalization, enrichment, and storage strategies.
  • Oversee onboarding of new data sources, including application, endpoint, network, cloud, and authentication telemetry.
  • Maintain and enhance log health monitoring, pipeline resiliency, and log integrity validation.
  • Coordinate with SOC analysts, Threat Hunt, IR, CTI, and engineering teams to ensure logging coverage aligns with detection, investigation, and compliance requirements.
  • Develop, maintain, and troubleshoot log ingestion processes, forwarders, collectors, and APIs.
  • Support dashboard, correlation rule, and alerting development by ensuring high-quality data availability.
  • Ensure compliance with CBP logging standards, federal logging mandates, and Zero Trust visibility requirements.
  • Lead modernization initiatives involving automation, cloud logging integrations, and data optimization.
  • Provide detailed technical reporting, architectural documentation, and data dictionaries.
  • Support vulnerability assessments, compliance audits, and cross-team engineering reviews.
  • Mentor junior engineers and support knowledge transfer across the SOC.
© 2024 Teal Labs, Inc