Security Engineer (SIEM)

About The Position

Requirements

• Proven experience with SIEM tools architecture, deployment, and administration.
• Experience in cloud/hybrid environments and multi-cloud integrations.
• Knowledge of regulatory frameworks (e.g., NIST, ISO, MITRE).
• Ability to work cross-functionally and manage customer expectations.
• Strong analytical, troubleshooting, and communication skills.
• Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role.
• Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience.
• Specific certifications are often required.

Nice To Haves

• Access Control (AC)
• Building Architecture
• Customer Solutions
• Disaster Recovery Planning
• Information Security
• Network Security
• Physical Security
• Risk Assessments
• Security Technologies
• SIEM Tools
• Splunk Infrastructure Monitoring
• Analytical Thinking
• Effective Communications
• Information Security Management
• Information Security Technologies
• IT Environment
• IT Standards, Procedures & Policies
• IT Systems Management
• Network and Internet Security
• Problem Solving
• Technical Troubleshooting

Responsibilities

• design, engineer, and operate enterprise scale SIEM platforms that support high volume log ingestion, normalization, correlation, alerting, and long term retention across hybrid cloud and on prem environments
• architect and maintain end to end data onboarding pipelines, covering source onboarding, parsing, field extraction, normalization, enrichment, and validation to ensure telemetry is high quality, searchable, and actionable
• develop, test, and maintain SIEM detection content, including correlation searches, analytic rules, alerts, and risk based detections aligned to real world attacker techniques and behaviors
• write and optimize advanced search queries to support detections, investigations, dashboards, and threat hunting use cases, balancing performance, cost, and data fidelity
• build and maintain operational and security dashboards that provide visibility into threat activity, platform health, coverage gaps, and detection effectiveness for GSFC teams and security leadership
• perform threat analytics and proactive hunting by leveraging SIEM telemetry to identify anomalous behavior, validate detection hypotheses, and uncover gaps in existing monitoring and content
• investigate alerts, provide deep technical analysis, enrich events with contextual data, and continuously improve signal to noise ratio and response outcomes
• monitor and tune SIEM platform performance, including ingest volume, indexing efficiency, search performance, data retention, and licensing utilization
• manage the SIEM configuration and content lifecycle through version control, change management, testing, and promotion across environments
• define and track technical metrics and KPIs for detection coverage, alert quality, data completeness, and platform reliability, mapping coverage to the MITRE ATT&CK framework
• support broader security architecture and engineering initiatives by integrating SIEM with upstream and downstream systems such as cloud services, endpoint tooling, network telemetry, and SOAR platforms
• author and maintain technical documentation, including onboarding standards, detection logic, architecture diagrams, and operational runbooks
• continuously evaluate new telemetry sources, detection techniques, and platform capabilities to evolve security monitoring and reduce enterprise risk
• Provides subject matter expertise when applying security concepts.
• Leverages technical knowledge and industry experience to design, build, and maintain technology solutions.
• Responsible for deliverables related to project timelines.
• Responsible for working with architecture to take high level architectural designs and determine the specifics around implementation details (ex: sizing) integration details, onboarding and operationalization.
• Evaluates patches, updates, and ongoing maintenance.
• Determines impacts to existing solutions when new standards are implemented.
• Utilizes change control and other governance processes to ensure alignment of solutions .
• Develops detailed implementation, configuration, design, and engineering documentation.
• Build and implement solutions.
• Works with operational partners to enable transition and day-to-day supportability.
• Provides engineering support to existing technology in a production environment and collaborating with other groups as required.
• Seeks opportunities to grow a broad knowledge base to complement specific subject matter expertise.

Benefits

• PNC offers a comprehensive range of benefits to help meet your needs now and in the future.
• Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.
• In addition, PNC generally provides the following paid time off, depending on your eligibility: maternity and/or parental leave; up to 11 paid holidays each year; 9 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.