Senior Security Engineer

TekSynap, Fort Belvoir, VA
Onsite

About The Position

We are seeking a highly skilled Senior Security Engineer (SIEM, Cloud, & Security Analytics) to be a key technical leader on our CSSP Team. This role is for a seasoned professional with deep, hands-on experience operating across multiple DoD network enclaves (NIPR, SIPR, and JWICS). The ideal candidate will drive the design and implementation of sophisticated security solutions, both on-prem and in future secure cloud environments, leveraging expertise in a range of security platforms, including, but not limited to, Splunk, Elastic, and Microsoft Sentinel. This is a hands-on role for a senior expert who can engineer and automate a complex, multi-faceted security posture. TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive, well-planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.

Requirements

  • Active Top Secret Clearance with SCI eligibility.
  • DoD 8570 / 8140 Compliance: Active IAT Level II and CSSP Infrastructure certification.
  • 8+ years of relevant experience in a hands-on cybersecurity role within a DoD environment.
  • Experience supporting or participating in incident response within a DoD CSSP or SOC environment, including evidence collection, timeline reconstruction, and post-incident reporting.
  • Familiarity with NIST SP 800-61 (Computer Security Incident Handling Guide) as the baseline IR framework.
  • Extensive, hands-on experience engineering and operating within multi-cloud IL-4/5 secure cloud environments.
  • Demonstrated experience working across multiple network classification levels (NIPR, SIPR, and JWICS).
  • Advanced, hands-on experience with security analytics platforms, including Splunk (Enterprise/ES), Elastic, and Microsoft Sentinel.
  • Strong, demonstrable proficiency in scripting and automation for security tasks using languages like Python, PowerShell, Bash, or Ansible, including experience with API integrations.
  • Solid foundation in Linux/Unix administration and command-line operations necessary for managing backend SIEM and security infrastructure.

Nice To Haves

  • Certifications related to Microsoft Azure Security (e.g., Azure Security Engineer Associate, Microsoft Sentinel Ninja).
  • Experience configuring and maintaining RHEL systems in compliance with DISA STIGs and supporting ATO documentation efforts.
  • Experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).
  • High-level SIEM (Splunk, Elastic, MS Sentinel) and Cloud Architecture certifications.
  • Working knowledge of the DoD Risk Management Framework (RMF) process, including experience preparing or supporting System Security Plans (SSPs), STIGs, and continuous monitoring requirements for systems operating at IL-4/5.

Responsibilities

  • Lead the design and implementation of security automation workflows using tools like Python, Ansible, and SOAR platforms to enhance efficiency and response capabilities across all network enclaves.
  • Design, engineer, and secure cloud architecture within AWS IL-4/5 environments, implementing robust security controls and ensuring compliance with stringent DoD standards.
  • Serve as the SIEM SME/Architect to enhance the agency’s SIEM platform by developing advanced security content, creating custom dashboards, integrating REST APIs, and onboarding new data sources to improve threat visibility.
  • Serve as a senior engineer for security analytics across multiple platforms, including, but not limited to, Microsoft Sentinel and Splunk. This involves developing and implementing advanced correlation rules, workload analytics, and threat intelligence models to detect and respond to anomalous activity.
  • Serve as a senior technical resource and mentor for other team members, providing guidance on best practices for operating securely across classified and unclassified networks.
  • Analyze and integrate new subscriber data and security tools into the existing ecosystem to enhance threat detection and response capabilities.
  • Create and maintain clear, comprehensive technical documentation, including architectural diagrams and Standard Operating Procedures (SOPs) tailored for multi-enclave operations.
  • Monitor, triage, and support incident response leveraging SIEM platform capabilities, including correlation searches and risk-based alerting (RBA), across all network enclaves.
  • Maintain and update SIEM content (dashboards, alerts, reports) in alignment with IR playbooks and SOAR workflows to accelerate analyst response times and improve detection fidelity.

Benefits

  • health
  • dental
  • vision
  • 401K
  • life insurance
  • short-term and long-term disability plans
  • vacation time
  • holidays