Security Engineer (SIEM)

About The Position

Requirements

• 3+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
• 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
• Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
• Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
• Experience working in Agile environments with technical teams of three or more individuals.
• Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
• Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
• Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
• Critical thinking skills to balance robust security requirements against mission objectives.
• Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments.
• Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover.
• Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
• Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
• History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
• Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.
• Splunk Enterprise Certified Admin or SumoLogic Administration or Microsoft Security Operations Analyst Associate
• AWS Solutions Architect Professional or AWS DevOps Engineer Professional or Azure Solutions Architect Expert or GCP Cloud Architect
• Bachelor’s degree or equivalent work experience.

Nice To Haves

• Professional services background: Prior experience supporting external clients from within a consulting or professional services organization.
• Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible.
• Modern application architectures: Proven expertise with serverless, microservices, and related technologies.
• Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines.
• Encryption technologies: Hands-on experience implementing SSL, PKI, and other encryption methods.
• Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards.
• Splunk Enterprise Certified Architect or Splunk Certified Automation Developer

Responsibilities

• Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
• Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
• Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
• Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
• Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
• Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
• Create and maintain custom parsers and field extractions for complex or proprietary log sources
• Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
• Participate in peer reviews of detection rules and SIEM configuration changes
• Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
• Contribute to development and maintenance of detection and response playbooks and operational procedures
• Support troubleshooting of SIEM ingestion, parsing, and performance issues
• Work with infrastructure and application teams to onboard new log sources and improve security visibility
• Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities
• Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization
• Create and maintain SIEM architecture, detection, and operational documentation and runbooks
• Provide technical support during client reviews and operational meetings as assigned
• Share knowledge and provide guidance to junior team members
• Contribute to process improvement and automation initiatives within SIEM and detection workflows

Benefits

• paid parental leave
• flexible time off
• certification and training reimbursement
• digital mental health and wellbeing support membership
• comprehensive insurance options