Cybersecurity Engineer (SIEM & Security Operations)

Overview / Summary
Preference will be given to candidates who can work onsite over hybrid and over full-time remote arrangements (onsite as needed). This role supports the planning, deployment, integration, and operational management of enterprise security platforms and security initiatives. The position works closely with security architects and IT teams to strengthen enterprise security controls, support vulnerability management efforts, and enhance threat detection and response capabilities.

Key Responsibilities
• Assist in the planning, design, deployment, and operational support of enterprise security platforms, including SIEM, XDR, vulnerability management, DLP, and security awareness/training platforms.
• Support the development and maturation of the enterprise Vulnerability Management Program, including scanning, reporting, remediation tracking, and metrics.
• Build, deploy, configure, and maintain Linux-based security sensors and related endpoint monitoring tools.
• Assist in the integration and automation of security and enterprise IT tools using scripting and orchestration technologies.
• Collaborate with security architects to design and implement enterprise security solutions aligned with business goals, regulatory requirements, and organizational risk tolerance.
• Design, deploy, and manage countermeasures to address known security threats and contribute to mitigation strategies for emerging threats.
• Ensure consistent application of security controls across enterprise infrastructure and applications; validate control effectiveness and recommend improvements.
• Support incident detection and response activities through monitoring, log analysis, and reporting.
• Develop technical documentation, implementation guides, and standard operating procedures.
• Perform other duties as assigned in support of the Division of Information Security.

Required Qualifications
• 5+ years of experience supporting large IT environments and/or system deployments.
• 5+ years of experience implementing and supporting enterprise security tools, including SIEM, Cribl, XDR, vulnerability management, DLP, and endpoint security.
• 5+ years of experience developing automation and integrations using scripting languages such as Python and Bash.
• Strong understanding of enterprise security architecture and engineering principles.
• Knowledge of cybersecurity best practices, threat detection, and defensive security strategies.
• Experience with Linux and Windows operating systems, including system hardening and security configuration.
• Bachelor''s degree in an Information Technology or Information Security related field, or eight years of relevant work experience in lieu of education.

Preferred Qualifications
• Hands-on SIEM administration, analysis, and reporting experience.
• Experience building and deploying Linux-based security sensors.
• Familiarity with security frameworks and compliance standards such as NIST CSF, CJIS, IRS 1075, and CMS MARS-E.
• CISSP certification.
• Security+ certification.