Job Description

ECS is seeking a Security Engineer to work in our Fairfax, VA office in a hybrid onsite/remote capacity.

ECS is seeking a seasoned Security Engineer to support robust Impact Level (IL) 5 and IL6 programs in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE). The Security Engineer is a critical role responsible for implementing, optimizing, and maintaining a Microsoft Sentinel (formerly Azure Sentinel) Security Information and Event Management (SIEM) solution; ensuring optimal log ingestion into the Enterprise SIEM; and providing expertise on all security-related functions within the environment. The Security Engineer reports to the Project Manager and acts as a senior member of a multidisciplinary organization that delivers excellence in AI/ML innovation in on-premises and cloud-native environments.
The Security Engineer position is a demanding, high-energy role that requires a blend of leadership, strategic, and technical acumen to drive program initiatives. The ideal candidate has proven expertise in managing security for hybrid and cloud environments, including identity, networking, and data protection; in-depth knowledge and hands-on expertise with Azure services; scripting proficiency (PowerShell / Azure CLI); experience in threat protection, compliance, and security operations with Microsoft Sentinel and/or Microsoft Defender for Cloud; and essential soft skills (analytical thinking, problem-solving, and communication).
General responsibilities:
- Implement best practices for all security-related functions (e.g., Sentinel, Microsoft Entra ID, Azure IAM, Purview, Active Directory, ADFS, etc.).
- Ensure effective deployment of Security Information and Event Management (SIEM) solutions, and manage the costs associated with log ingestion and retention.
- Configure and manage Azure Sentinel data sources, such as Azure Activity Logs, Microsoft Defender for Cloud (formerly Azure Security Center), and third-party data sources.
- Evaluate existing Azure Sentinel architecture, including data connectors, analytics rules, logic apps, workbooks, and automation playbooks; identify opportunities for improvement and provide alternative recommendations.
- Develop and maintain custom analytics rules, hunting queries, and machine learning models to effectively detect and respond to security threats.
- Collaborate with Security Operations teams to investigate and respond to security incidents, and ensure logs are appropriately pushed to the Enterprise SIEM.
- Optimize Azure Sentinel performance, scalability, and cost-effectiveness through appropriate configuration and resource management.
- Maintain currency with the latest Azure Security features, security best practices, and industry trends; continually improve the organization's security posture.
- Provide best practices for the Azure Sentinel platform: identify security detection gaps in infrastructure and process, and develop effective mitigation plans.
- Demonstrate excellent judgment, prioritization and communication of technical security risks, and act as a security liaison while supporting the Security Operations Center (SOC).
- Train SOC Analysts on utilizing cloud-native tools to perform routine security monitoring and incident response activities, leveraging existing dashboards and alerts.
- Provide technical guidance, mentoring, and knowledge-sharing to junior team members and other stakeholders.
- Other duties, as assigned.
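The ingestion-cost and data-source responsibilities above are typically worked from the Log Analytics workspace behind Sentinel. The following KQL query is an added illustration (not part of the original posting, and not ECS's own tooling) of how an engineer would find which tables drive billable ingestion before tuning connectors or retention. It assumes only the standard Usage table present in every Log Analytics workspace; the 31-day window and the per-table grouping are example choices.

```kql
// Billable ingestion per table over the last full 31 days.
// Usage.Quantity is reported in MB; dividing by 1000 gives the GB that billing uses.
Usage
| where TimeGenerated > ago(32d)
| where StartTime >= startofday(ago(31d)) and EndTime < startofday(now())
| where IsBillable == true                       // ignore free tables such as Heartbeat
| summarize BillableGB = round(sum(Quantity) / 1000.0, 2) by DataType
| order by BillableGB desc
```

Run the query in the Sentinel Logs blade or via the Azure CLI (`az monitor log-analytics query`). Tables at the top of the list are the candidates for connector filtering, Basic Logs, or shorter retention; before reducing any of them, confirm that no analytics rule or hunting query depends on the data being dropped.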
Required Skills
- U.S. Citizen.
- DoD Secret security clearance, with the ability to obtain a DoD Top Secret security clearance with Sensitive Compartmented Information indoctrination (TS/SCI).
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related STEM (Science, Technology, Engineering and Mathematics) discipline, or 8+ years of equivalent professional experience in lieu of a degree.
- Current DoD 8140 IAT Level II or higher certification (e.g., CompTIA Security+).
- Ability to work in a hybrid capacity, with up to 3 business days per week onsite in Fairfax, VA.
- Ability to travel < 20% to CONUS/OCONUS customer sites and government installations, as needed.
- 6+ years of progressive, hands-on experience in cybersecurity, primarily focused on Security Information and Event Management (SIEM) solutions.
- Advanced knowledge of, and hands-on experience with:
- Microsoft Azure Sentinel (including deployment, configuration, and administration)
- Microsoft Azure services (e.g., Azure Monitor, Microsoft Defender for Cloud (formerly Azure Security Center), and Azure Log Analytics)
- Security-related functions (e.g., Sentinel, Microsoft Entra ID, Azure IAM, Purview, Active Directory (AD), Active Directory Federation Services (ADFS), etc.)
- Splunk management
- Strong proficiency with scripting languages (e.g., PowerShell, Python) and data analytics tools (e.g., Kusto Query Language).
- Foundational knowledge of security frameworks, standards, and best practices (e.g., NIST, CIS, MITRE ATT&CK).
- Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
- Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
- Active DoD TS/SCI security clearance.
- In-depth knowledge of alternative SIEM solutions (e.g., Splunk, Elastic, etc.).
- Microsoft Azure certification (e.g., AZ-500: Microsoft Azure Security Engineer Associate) or other relevant industry security certification.
- Knowledge of Atlassian's Jira and Confluence.
- Prior experience with DoD organizations and performers.
- Demonstrated ability to think strategically about business, product, and technical challenges specific to downstream customers.
- Proven experience communicating and demonstrating the value of technical solutions that address complex / competing drivers in multifaceted technical environments.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3200+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.