SIEM/Tool Engineer

We are seeking a highly skilled and innovative SIEM/Tool Engineer to join our team in the greater DMV area, supporting the Army National Guard. Responsibilities Architect, administer, and scale enterprise SIEM and security monitoring platforms; integrate telemetry from network, endpoint, cloud, identity, and OT sources. Develop and maintain parsing/normalization logic, data enrichment pipelines, dashboards, alerting, and automated workflows to support detection and analytic scalability. Implement performance optimization strategies, capacity planning, and tuning to ensure reliable, high‑volume ingestion and query performance. Lead platform upgrades, patching, health monitoring, configuration management, and high‑availability operations to sustain operational resilience. Build and maintain reusable correlation rules, detection content, and analytic libraries; collaborate with detection engineers to operationalize use cases. Design and oversee retention, storage, and evidence export processes to support investigations, RMF/evidence needs, and auditability. Troubleshoot platform issues, conduct root‑cause analysis of ingestion/parsing failures, and coordinate remediation with data engineering and security teams. Establish platform governance, hardening baselines, access controls, and operational runbooks; mentor platform operators and engineers. Produce architecture artifacts, capacity/health reports, and executive summaries to inform leadership and roadmap decisions. #ENOCS Qualifications Qualifications Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD Clearance: Active TS/SCI clearance. Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (documented advanced SIEM/forensics/analytics coursework); OR Relevant professional certification or equivalent experience (examples: GREM; CFR; CySA+; GCFA; GCFE; PenTest+). Required experience and skills: Security engineering, SIEM/platform engineering, or analytics platform experience with at least 3 years architecting/operating enterprise SIEM solutions. Deep expertise in log parsing/normalization, ingestion pipelines, detection rule design, dashboarding, and alert/workflow automation. Hands‑on experience with major SIEM/analytics platforms (e.g., Splunk, Elastic, QRadar, Microsoft Sentinel) and related ecosystem tooling. Proven ability to perform capacity planning, performance tuning, high‑availability design, and platform upgrade/migration activities. Strong scripting/automation skills (Python, PowerShell, Bash), familiarity with data pipelines, and ability to produce audit‑quality export/evidence flows. Desired: Prior DoD/ARNG SIEM engineering or SOC platform experience and familiarity with RMF/evidence workflows. Training such as DC3 Cyber Forensics Course and advanced forensic/IR certifications (e.g., GREM, GCFA) preferred. #ENOCS Peraton Overview Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.