Security Operations Center Engineer III

MartinFed
Arlington, VA
Onsite

About The Position

MartinFed is seeking a highly experienced Security Operations Center (SOC) Engineer III to provide advanced cybersecurity monitoring, detection, analysis, and incident response support within a complex enterprise environment. The ideal candidate will serve as a senior technical resource responsible for engineering, optimizing, and maintaining security operations platforms while leading efforts to detect, investigate, and mitigate cybersecurity threats. This role requires extensive experience in SOC environments, security information and event management (SIEM) platforms, log aggregation, threat hunting, incident response, and security automation. The SOC Engineer III will collaborate with cybersecurity teams, system administrators, network engineers, and organizational leadership to strengthen the organization's security posture and ensure continuous monitoring of critical systems and infrastructure.

Requirements

  • United States Citizen with a DoD Secret clearance.
  • Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a closely related technical field. Relevant experience may be considered in lieu of degree requirements.
  • Minimum of 10 years of experience performing IT Security Operations in enterprise or government environments.
  • Demonstrated experience supporting Security Operations Centers (SOCs), Cyber Defense Operations, or Security Monitoring Programs.
  • Advanced experience administering, engineering, and supporting Splunk Enterprise and/or Splunk Cloud environments.
  • Experience implementing and maintaining log management, SIEM, and security analytics platforms.
  • Strong knowledge of incident response, threat hunting, digital forensics, malware analysis, and vulnerability management.
  • Experience with cloud security monitoring and AWS security services.
  • Knowledge of cybersecurity frameworks and standards, including the NIST Cybersecurity Framework (CSF), the NIST SP 800 series, the Risk Management Framework (RMF), FISMA, Security Technical Implementation Guides (STIGs), and the MITRE ATT&CK framework.
  • Strong understanding of network security, endpoint security, identity and access management, and security architecture.
  • Experience developing security dashboards, correlation searches, alerts, reports, and automation workflows.
  • Excellent analytical, troubleshooting, communication, and leadership skills.

Responsibilities

  • Lead security monitoring operations utilizing SIEM and log-pipeline technologies, including the Splunk and Cribl platforms.
  • Design, implement, configure, and maintain enterprise security monitoring and logging solutions.
  • Perform advanced threat detection, threat hunting, and incident analysis activities across enterprise networks and cloud environments.
  • Investigate security alerts, incidents, and anomalies to determine root cause, impact, and remediation actions.
  • Develop and maintain security use cases, correlation searches, dashboards, reports, and automated workflows.
  • Engineer and optimize log collection, normalization, enrichment, and retention strategies.
  • Support the deployment, administration, and optimization of Splunk Enterprise, Splunk Cloud, and Cribl environments.
  • Develop security content to improve detection capabilities for emerging cyber threats and adversarial tactics.
  • Lead incident response activities and coordinate containment, eradication, recovery, and lessons learned efforts.
  • Conduct security assessments and identify opportunities to improve monitoring, visibility, and operational effectiveness.
  • Collaborate with cloud, network, and systems engineering teams to integrate security controls and monitoring solutions.
  • Develop operational procedures, technical documentation, and standard operating procedures (SOPs).
  • Provide technical leadership and mentorship to junior SOC analysts and engineers.
  • Generate executive-level reports, metrics, and briefings regarding security incidents, trends, and organizational risk.
  • Support compliance initiatives, audits, and security assessments in accordance with federal cybersecurity requirements.
  • Stay current on emerging threats, attack techniques, and cybersecurity technologies to enhance defensive capabilities.

Benefits

  • We deliver customer-focused, performance-based solutions, using technology and an empowered workforce as the engine that drives our customers' missions.
  • We attract the best and brightest within their fields.
  • We invest in our people because they are our greatest asset.
  • We cultivate our purpose, embody and reflect our core values, and define our culture.
© 2026 Teal Labs, Inc