SIEM Engineer

Job#: 3036554

Job Description:
SIEM Engineer

Location: Fort Meade, Maryland (Onsite)

Role Overview

Our organization is seeking a SIEM Engineer to support a critical enterprise migration from Splunk to Elastic. This role will serve as a senior analyst, responsible for developing queries, tuning alerts, and performing advanced analysis within a large-scale environment. The position involves translating existing security use cases, dashboards, and alerts while ensuring detection capabilities are maintained or improved throughout the transition.

Key Responsibilities

• Serve as a senior SIEM analyst leveraging Splunk, with responsibility for query development (SPL), alert tuning, correlation, and advanced analysis.
• Support and contribute to enterprise SIEM migration efforts from Splunk to Elastic, including translating use cases, dashboards, and alerts.
• Validate data ingestion pipelines and log sources during the migration to ensure fidelity.
• Leverage network monitoring and detection capabilities (netflow, PCAP, IDS) to identify adversary activity.
• Perform advanced log analysis, correlation, and threat detection across large-scale datasets.
• Discover adversary campaigns, anomalies, and inconsistencies across SIEM platforms.
• Support the development of cyber fusion frameworks aligned with best practices.
• Analyze and document malicious actor TTPs, mapping them to enterprise vulnerabilities.
• Produce detailed analytic reports and visualizations to communicate findings.
• Provide mitigation strategies to reduce risk and improve the enterprise security posture.

Required Qualifications

• An active IAT Level II or III Certification.
• Experience with Splunk, including SPL query development, dashboard creation, and alert tuning.
• Experience supporting or participating in SIEM platform migrations, preferably from Splunk to Elastic.
• Familiarity with Elastic/ELK Stack tools such as Elasticsearch, Kibana, Logstash, and Beats.
• Knowledge of network protocols (TCP/IP, OSI) and cyber threat methodologies.
• Experience analyzing netflow, PCAP, and custom application logging data.
• Experience with security tools such as Wireshark, passive DNS, and threat intelligence platforms.
• Experience with other SIEM tools like QRadar, Crowdstrike, or Microsoft Defender.

Preferred Qualifications

• Experience supporting DISN or DOW networks.
• Demonstrated experience building SIEM dashboards, analytics, and detection content in Splunk and/or Elastic.
• Hands-on experience with Splunk to Elastic migrations, data pipeline validation, or detection engineering conversions.
• Familiarity with intelligence-driven defense methodologies.
• IAT Level III and/or IAM Level II/III Certifications.

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRateds Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

Everforth Apex uses a virtual recruiter as part of the application process. Click for more details. By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Everforth Apex and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy at

Everforth Apex Benefits Overview: Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.

Everforth Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Everforth Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law.

If you require an accommodation under the Americans with Disabilities Act to participate in an interview with a virtual recruiter or to use our website for a search or application, please contact our Benefits Department at or . Please note that this contact information is strictly to be used for medical ADA accommodations and that no other inquiries will be answered.

UnitedHealthcare creates and publishes the Transparency in Coverage Machine-Readable Files on behalf of Everforth Apex Systems.