Enterprise Logging Solution (ELS) Lead

SOSi, Ashburn, VA (Hybrid)

About The Position

This position is contingent upon contract award. SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP’s enterprise logging ecosystem across on-premises, cloud, and hybrid environments.

Requirements

  • Minimum of 7+ years administering, engineering, or architecting enterprise logging or SIEM solutions in large-scale environments.
  • Minimum of 5+ years hands-on experience as a senior SIEM engineer or administrator within Federal or enterprise SOC environments.
  • Experience supporting Windows and Linux logging ecosystems, cross-platform log ingestion, and distributed system integrations.
  • Experience with interconnected, heterogeneous enterprise systems and cloud environments (AWS, Azure).
  • Demonstrated experience with log parsing, normalization, field extraction, data mapping, and ingestion pipeline troubleshooting.
  • Strong networking background, including TCP/IP, DNS, HTTP/S, VPN, encryption, and certificate management.
  • Experience supporting or integrating with automation/orchestration frameworks.
  • Experience producing technical documentation, diagrams, and operational runbooks.
  • Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field.
  • Must be able to obtain/maintain a Tier 5 (T5) investigation.

Nice To Haves

  • Certified Splunk Architect II (priority)
  • Splunk Certified Admin/Engineer (if Architect-level is in progress)
  • CISSP
  • Security+
  • Cloud provider certifications (AWS, Azure)
  • CBP CSD may add TS or TS/SCI requirements on a case-by-case basis.

Responsibilities

  • Lead architecture, engineering, configuration, and optimization of enterprise logging platforms supporting DHS SOC operations.
  • Serve as the senior technical authority for SIEM engineering, log ingestion pipelines, parsing, data normalization, enrichment, and storage strategies.
  • Oversee onboarding of new data sources, including application, endpoint, network, cloud, and authentication telemetry.
  • Maintain and enhance log health monitoring, pipeline resiliency, and log integrity validation.
  • Coordinate with SOC analysts, Threat Hunt, IR, CTI, and engineering teams to ensure logging coverage aligns with detection, investigation, and compliance requirements.
  • Develop, maintain, and troubleshoot log ingestion processes, forwarders, collectors, and APIs.
  • Support dashboard, correlation rule, and alerting development by ensuring high-quality data availability.
  • Ensure compliance with CBP logging standards, federal logging mandates, and Zero Trust visibility requirements.
  • Lead modernization initiatives involving automation, cloud logging integrations, and data optimization.
  • Provide detailed technical reporting, architectural documentation, and data dictionaries.
  • Support vulnerability assessments, compliance audits, and cross-team engineering reviews.
  • Mentor junior engineers and support knowledge transfer across the SOC.