Senior Cybersecurity Engineer

Kiakahi | Washington, DC
$137,000 - $147,000 | Hybrid

About The Position

Kiakahi LLC is looking for an experienced Senior Cybersecurity Engineer to join its team. This position supports a small federal agency operating a hybrid IT environment consisting of on-premises infrastructure (Cisco networking, VMware Hypervisor, Windows Server, Linux OS) and cloud services (Microsoft Azure IaaS/PaaS, Microsoft Entra ID, Microsoft 365). The security stack includes Microsoft Sentinel SIEM, Defender EDR, and CDM Tools, serving fewer than 150 users across headquarters and distributed locations. The ideal candidate will be a US Citizen capable of passing a National Agency Check with Investigation to obtain a Public Trust, able to operate independently with minimal oversight, and deliver measurable improvements in detection accuracy and reduction in false positives.

Requirements

  • US Citizen capable of passing a National Agency Check with Investigation to obtain a Public Trust.
  • Minimum six (6) continuous years of experience in cybersecurity engineering and security operations.
  • Senior-level proficiency with direct, hands-on experience with SIEM platforms (Microsoft Sentinel, Splunk).
  • Senior-level proficiency with direct, hands-on experience with SOAR tools and automated response workflows.
  • Senior-level proficiency with direct, hands-on experience with NDR (Network Detection and Response).
  • Senior-level proficiency with direct, hands-on experience with EDR (Endpoint Detection and Response) - Microsoft Defender.
  • Senior-level proficiency with direct, hands-on experience with Identity Management systems (Microsoft Entra ID).
  • Senior-level proficiency with direct, hands-on experience with Vulnerability scanning tools (ACAS, Tenable.SC, Nessus, SCAP).
  • Senior-level proficiency with direct, hands-on experience with Linux and Windows Server administration.
  • Senior-level proficiency with direct, hands-on experience with Cisco Networking infrastructure.
  • Senior-level proficiency with direct, hands-on experience with VMware virtualization environments.
  • Deep RMF expertise across Defense, Intelligence, and Civilian frameworks (NIST SP 800-37, CNSSI 1253, ICD 503).
  • Familiarity with NIST 800-series publications (800-30, 800-53, 800-137, 800-160/161) and FIPS-199/200.
  • Experience with eMASS for RMF package management.
  • Proficiency in DISA STIG hardening and SCAP validations.
  • CISSP (Certified Information Systems Security Professional) certification.
  • CompTIA SecurityX (CASP+) CE, CySA+, Security+, or equivalent certification.
  • Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or related field.

Nice To Haves

  • GIAC GCCC certification.
  • Navy Qualified Validator certification.
  • Master's degree.

Responsibilities

  • Execute security operations through centralized monitoring of system logs, endpoint activity, and network traffic using enterprise tools such as ACAS, Nessus, SCAP, and endpoint security platforms.
  • Configure and maintain SIEM platforms (Microsoft Sentinel), including data connector configuration, correlation rule development and tuning, and SOAR playbook development for automated response workflows.
  • Provide continuous visibility into vulnerabilities, system anomalies, and potential threats across both cloud and on-premises infrastructure.
  • Conduct proactive threat hunting on a defined schedule, executing hypothesis-driven queries across the log estate to identify behavioral patterns below automated detection thresholds.
  • Perform log aggregation, correlation analysis, and validation of indicators of compromise.
  • Coordinate containment, investigation, and remediation actions when potential incidents are identified.
  • Isolate affected systems, validate system integrity, and document all actions to support reporting and compliance requirements.
  • Execute incident response activities in accordance with the NIGC IR plan.
  • Deploy and operationally manage Microsoft Defender EDR, IDS/IPS solutions, and Azure/M365 security controls in the hybrid production environment.
  • Lead implementation and sustainment of vulnerability management and centralized log management solutions.
  • Integrate CDM program tools with Microsoft Sentinel as additional telemetry sources for continuous monitoring posture reporting.
  • Configure Syslog aggregation pipelines from on-premises network and server infrastructure.
  • Apply NIST SP 800-37 RMF methodology across Defense, Intelligence, and Civilian frameworks.
  • Support FISMA compliance through implementation of NIST SP 800-53 control families and continuous monitoring under NIST SP 800-137.
  • Monitor CISA guidance channels for new Binding Operational Directives (BODs) and Emergency Directives, assessing applicability within five business days.
  • Develop and maintain System Security Plans (SSPs) and Security Control Traceability Matrices (SCTMs).

Benefits

  • Medical, dental, vision, disability, and life insurance
  • Flexible Spending Accounts
  • 401(k)
  • PTO
  • Professional Development
  • Paid federal holidays
  • Paid Parental Leave