SIEM Analyst

Foxhole Technology•Smryna, GA

34d•Hybrid

About The Position

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world. The SIEM Analyst is responsible for supporting the management, optimization, and continuous monitoring of Security Information and Event Management (SIEM) systems within Department of Defense (DoD) environments. This role focuses on reviewing, validating, and optimizing SIEM log sources, rule configurations, and system deployment metrics to ensure comprehensive and efficient threat detection. The SIEM Analyst will collaborate with cybersecurity teams to develop processes and Standard Operating Procedures (SOPs) for effective SIEM log management, incident detection, and threat response. This position requires strong analytical skills, attention to detail, and a proactive approach to SIEM management and improvement. The ideal candidate will have experience with log analysis, configuration validation, and the identification of security misconfigurations in a SIEM environment.

Requirements

Active DoD Secret security clearance
3–5 years of cybersecurity experience with hands-on SIEM management, strong log analysis and threat detection skills, and familiarity with DoD cybersecurity policies.
Proficiency with SIEM tools such as Splunk, ArcSight, LogRhytm or QRadar.
Bachelor's degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
Must meet DoD 8140/8570 IASAE Level II requirements via CASP+ CE, CISSP (or Associate), or CSSLP.

Responsibilities

Assist in developing and documenting SOPs for regular SIEM log and source validation, including procedures for identifying misconfigurations, evaluating rules, and reporting deployment metrics such as active log source counts, log types, and entities reviewed.
Regularly review and validate SIEM log sources with cybersecurity experts to build and maintain asset profiles, assessing system risk and criticality using Mission Assurance, CMDB, and related resources.
Implement and manage review schedules — daily, weekly, or monthly — based on system sensitivity, focusing on detecting unusual behavior, baseline deviations, and configuration changes.
Monitor and relay anomalous or potentially malicious SIEM activity to Cyber Ops Analysts, providing timely findings to cybersecurity leadership.
Conduct monthly evaluations of 10–15 SIEM signatures, working with ISSM, ISO, and Cyber Ops Analysts to optimize rules, improve threat detection, and reduce false positives.
Validate log source configurations to ensure all relevant security data is collected and processed, identifying missing or misconfigured sources and creating IRs for resolution.
Maintain detailed documentation on SIEM configurations, rule assessments, and incidents, and present deployment metric reports to cybersecurity leadership.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume