SIEM/SOAR Engineer
About The Position
CGI Federal is a leader in providing IT and cybersecurity solutions, dedicated to supporting mission‑critical federal government initiatives. We are committed to enhancing national security and strengthening government operations through innovative technology, advanced analytics, and expert collaboration. In this role, you will play a key part in delivering secure, modern, and resilient solutions that empower our federal government client's mission. Own SIEM/SOAR pipelines: data onboarding, normalization/parsing, detection content, runbooks, automation, and role‑based dashboards that give the SOC real‑time visibility and consistent response. This position is located in our Knoxville, TN office; however, a hybrid working model is acceptable
Requirements
- 3-5 years with SIEM/SOAR (Splunk/Sentinel/etc.); KQL/SPL/Python; API integration.
- Experience with enrichment, UEBA, automation, and content lifecycle.
- Security clearance: Ability to obtain/maintain a Public Trust (or higher per client).
- US Citizenship or Green Card Required, with eligibility to obtain a public trust clearance.
Nice To Haves
- Bachelor's; vendor SIEM/SOAR certs a plus.
Responsibilities
- Architect ingestion/normalization; maintain log source catalog and data quality controls.
- Create/tune correlation rules and SOAR playbooks aligned to ATT&CK track coverage/efficacy.
- Integrate identity, endpoint, cloud, DLP, PAM, and threat intel; enforce RBAC and change governance.
- Deliver dashboards and KPIs; optimize reliability using SLOs/metrics.
Benefits
- Competitive compensation
- Comprehensive insurance options
- Matching contributions through the 401(k) plan and the share purchase plan
- Paid time off for vacation, holidays, and sick time
- Paid parental leave
- Learning opportunities and tuition assistance
- Wellness and Well-being programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
