Overview
On Site
Full Time
Job Details
Job Description
ECS is seeking a SIEM Engineer III to work remotely.
Summary
Are you passionate about the ever-evolving field of cybersecurity and ready to embark on a career with a positive and lasting impact? Join our dynamic team at ECS, a leading provider of solutions in science, engineering, and advanced technologies, including cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation solutions. As a SIEM Engineer III, you'll play a crucial role in our mission to safeguard organizations against cyber threats. If you're seeking a challenging yet rewarding position where you can enhance your skills, collaborate with experts in the field, and contribute significantly to the protection of digital assets, this opportunity is perfect for you.
Our SIEM Engineers are at the forefront of our delivery team, responsible for strengthening the digital defenses of our clients. Your primary focus will be on ensuring the reliability and security of our Security Information and Event Management (SIEM) systems, which are often the first line of defense against cyber adversaries. You'll delve deep into the intricacies of SIEM technology, assist in implementing cutting-edge solutions, and work closely with our experienced team to detect and mitigate emerging threats. If you're a tech-savvy individual with a strong desire to protect organizations from the evolving cyber threat landscape, this role offers a unique opportunity to hone your skills and make a significant impact in the world of cybersecurity.
Responsibilities
- Lead the design, implementation, and optimization of enterprise-scale SIEM solutions for clients, ensuring customization to their unique needs and compliance requirements.
- Serve as the client's primary point of contact and subject matter expert during delivery of complex deployment projects.
- Collaborate with senior engineers to develop and enforce best practices for log ingestion, parsing, normalization, enrichment, and data retention strategies tailored to specific security needs.
- Conduct advanced system health checks, capacity planning, and performance tuning of SIEM infrastructure to optimize system performance and reliability.
- Lead the integration of the SIEM platform with a diverse array of tools and systems, ensuring seamless interoperability and enhanced security posture.
- Develop and implement sophisticated scripts to automate tasks and enhance interactions between the SIEM and other systems, improving efficiency and reducing manual effort.
- Configure and enhance monitoring solutions to proactively evaluate SIEM platform performance and maintain system integrity.
- Independently document and resolve complex issues, leveraging deep technical expertise and collaborative problem-solving skills.
- Take charge of SIEM configuration management, making strategic adjustments to optimize performance and data accuracy, and adapting to changes in the monitored environment.
- Maintain detailed documentation of SIEM system configurations, operations, and procedures. Ensure documentation is comprehensive, up-to-date, and adheres to compliance standards.
- Act as the primary liaison with vendors for advanced support and resolution of complex product-related issues.
- Engage in and sometimes lead expert-level training on SIEM features and capabilities. Facilitate knowledge transfer sessions to elevate team expertise.
- Provide high-level support and strategic advice to security analysts, ensuring that the SIEM system's capabilities are fully leveraged to meet security operations' needs.
- Drive continuous improvement initiatives for SIEM-related processes, focusing on efficiency gains and advanced security enhancements.
- Participate in continuous improvement initiatives to streamline SIEM-related processes.
- Provide strategic feedback and suggestions for automating repetitive tasks and improving system configurations based on expert knowledge and experience.
Required Skills
At least three years of experience demonstrating proficiency in the following skills:
- Proven experience with SIEM technologies, concepts, and common platforms, with a heavy focus on Splunk. Additional experience with technologies such as Elastic, CrowdStrike NextGen SIEM, IBM QRadar, or LogRhythm is highly valued.
- Proven experience providing strategic direction and technical oversight to mentor junior SIEM engineers.
- In-depth experience with system administration across various operating systems, especially those prevalent in corporate environments (Windows, Linux, macOS), with a focus on security configurations and optimizations.
- Comprehensive knowledge of the cybersecurity field, including advanced threat landscapes, sophisticated security protocols, and a wide array of cyberattack methodologies.
- Familiarity with data security and compliance standards.
- Proficiency in scripting languages like Python, PowerShell, or Bash is required, with an emphasis on developing complex scripts for automating tasks and integrating disparate systems within the SIEM ecosystem.
- Exceptional skills in diagnosing and resolving intricate issues, employing logical and advanced problem-solving techniques to address complex challenges within the SIEM environment.
- Proven ability to lead and collaborate effectively within a team, including guiding and mentoring junior engineers, interfacing with IT staff, and working closely with security analysts and detection engineers to enhance overall security strategies.
- Outstanding verbal and written communication abilities for creating detailed documentation, conveying complex technical concepts in an understandable manner, and effectively reporting to both technical teams and upper management.
- The capability to think strategically about the use of SIEM technology within the broader organizational context, including the development of innovative approaches to using SIEM for enhanced security postures.
- Other requirements of the position include:
- Bachelor's degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
- Able and willing to support domestic or international on-site travel with customers or at ECS offices. Any travel will be short in duration and well-planned.
- Possess and maintain a U.S. Passport.
- Wear professional business attire for in-person meetings and teleconferences with internal and external organizations.
- Perform duties not explicitly listed in this position description, as assigned.
- Able and willing to obtain a US Security Clearance.
Desired Skills
- At least three years of hands-on experience with specific SIEM platforms, indicating a deeper understanding of their features and capabilities. Experience with Splunk and/or Elastic are highly valued.
- Experience architecting and maintaining integrations with security tools (e.g., EDR, IDS/IPS, firewalls, threat intel feeds) to enhance detection and correlation capabilities.
- Experience implementing machine learning and UEBA capabilities (where applicable) in Splunk and Elastic for anomaly detection and behavior analytics.
- Experience integrating SIEM platforms with SOAR and IRCM.
- Experience deploying, configuring, maintaining, and troubleshooting Splunk Enterprise.
- Experience with onboarding diverse log sources (e.g., firewalls, proxies, EDR, cloud, SaaS) using Splunk Universal Forwarders and HEC.
- Skilled in data normalization and CIM compliance to ensure effective correlation within Splunk ES.
- Hands-on experience developing and customizing Splunk Technology Add-ons (TAs) for log parsing and field normalization.
- Working knowledge of Splunk's REST API for automation, integration, and operational scripting.
- Experience with indexer clustering, search head clustering, and distributed Splunk deployments.
- Understanding of Splunk licensing model, ingestion costs, and strategies for optimizing data usage.
- Familiarity with SOAR integration (e.g., Splunk SOAR/Phantom) for automated incident response and playbook execution.
- Awareness of log formats and protocols: syslog, JSON, XML, CEF, LEEF, and their ingestion best practices in Splunk.
- Strong scripting skills in Python, PowerShell, or Bash for automation, log processing, and enrichment.
- Experience deploying, configuring, maintaining, and troubleshooting Elasticsearch and Kibana on bare metal, Elastic Cloud Enterprise (ECE), Elastic Cloud on Kubernetes (ECK), and/or Elasticsearch Service.
- Experience with DevOps practices and tools (e.g., GitHub, GitHub Actions, CI/CD pipelines, Ansible, Terraform).
- Security community contributions (blog posts, white papers, conference talks, tool development, etc.)
- A stronger grasp of advanced network infrastructure, including cloud networks, virtual networks, and network segmentation, which can be crucial for more sophisticated SIEM deployments.
- Skills in project management and familiarity with methodologies like Agile can be beneficial.
- Familiarity with implementing machine learning pipelines and integrating AI-driven analytics into SIEM for improved incident detection and automated response.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.