ECS is seeking a SIEM Engineer III to work in our Hampton, VA or Boston, MA office.
Are you passionate about the ever-evolving field of cybersecurity and ready to embark on a career with a positive and lasting impact? Join our dynamic team at ECS, a leading provider of solutions in science, engineering, and advanced technologies, including cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation solutions. As a Security Information and Event Management (SIEM) Engineer III, you'll play a crucial role in our mission to safeguard organizations against cyber threats. If you're seeking a challenging yet rewarding position where you can enhance your skills, collaborate with experts in the field, and contribute significantly to the protection of digital assets, this opportunity is perfect for you.
As a SIEM Engineer III on our Managed Security Services Provider (MSSP) team, you'll be a pivotal player in enhancing our clients' digital defenses. This advanced role focuses on maximizing the reliability and security of our SIEM systems, crucial in combating cyber threats. You'll not only delve into sophisticated SIEM technologies and lead cutting-edge solution implementations but also mentor our team in detecting and mitigating emerging cybersecurity threats. Ideal for a tech-savvy individual passionate about evolving security landscapes, this role offers a significant opportunity to refine your skills and impact the cybersecurity sphere meaningfully.
Independently spearhead complex SIEM installations, configurations, and deployments across diverse client environments. Ensure tailored solutions that align with specific client needs and regulatory compliance. Serve as the expert point of contact for high-level deployment strategies.
Collaborate with top-tier engineers to architect sophisticated deployment frameworks. Take a leadership role in executing intricate configurations that cater to unique security requirements.
Direct and perform crucial maintenance activities on SIEM systems, encompassing vital patches, updates, and strategic overhauls. Utilize expert knowledge to fine-tune performance, ensuring maximum reliability and efficiency.
Lead and refine the integration of SIEM platforms with a broad spectrum of tools and systems. Guarantee optimal interoperability to strengthen overall security infrastructure.
Craft and implement complex scripts to automate tasks, enhancing SIEM interactions with various systems, thereby streamlining operations and minimizing manual intervention.
Conduct in-depth health checks and continuous monitoring of SIEM performance. Implement proactive strategies to uphold system integrity and anticipate potential issues.
Independently handle and document intricate issues, applying advanced technical acumen and collaborative problem-solving techniques.
Oversee SIEM configuration management, making strategic modifications to enhance performance, accuracy, and adaptability to evolving environments.
Maintain meticulous records of SIEM configurations, operations, and procedures, ensuring clarity, currency, and compliance adherence.
Act as the primary liaison for high-level vendor interactions, tackling complex product-related challenges and driving resolution.
Engage in and lead specialized training sessions on SIEM capabilities. Conduct knowledge-sharing workshops to boost the team's expertise and operational effectiveness.
Provide top-level support and advice to security analysts, maximizing the SIEM system's potential to fulfill security operation requirements.
Drive initiatives aimed at enhancing SIEM-related processes, focusing on advancements in security capabilities and operational efficiencies.
Offer strategic insights for automating routine tasks and refining system configurations, leveraging extensive experience and technical knowledge.
At least five years of experience demonstrating proficiency in the following skills:
Demonstrated mastery in SIEM concepts and platforms such as Elastic, Splunk, IBM QRadar, or LogRhythm, including the ability to design, implement, and optimize complex SIEM solutions.
In-depth experience with system administration across various operating systems, especially those prevalent in corporate environments (Windows, Linux, MacOS), with a focus on security configurations and optimizations.
Comprehensive knowledge of the cybersecurity field, including advanced threat landscapes, sophisticated security protocols, and a wide array of cyberattack methodologies.
Proficiency in scripting languages like Python, PowerShell, or Bash is required, with an emphasis on developing complex scripts for automating tasks and integrating disparate systems within the SIEM ecosystem.
Exceptional skills in diagnosing and resolving intricate issues, employing logical and advanced problem-solving techniques to address complex challenges within the SIEM environment.
Proven ability to lead and collaborate effectively within a team, including guiding and mentoring junior engineers, interfacing with IT staff, and working closely with security analysts to enhance overall security strategies.
Outstanding verbal and written communication abilities for creating detailed documentation, conveying complex technical concepts in an understandable manner, and effectively reporting to both technical teams and upper management.
The capability to think strategically about the use of SIEM technology within the broader organizational context, including the development of innovative approaches to using SIEM for enhanced security postures.
Other Requirements of the position include:
Able and willing to support domestic or international on-site travel with customers or at ECS offices. Any travel will be short in duration and well-planned.
Possess and maintain a U.S. Passport.
Wear professional business attire for in-person meetings and teleconferences with internal and external organizations.
Perform duties not explicitly listed in this position description, as assigned.
Possess a US Security Clearance.
Bachelor's degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
At least five years of hands-on experience with specific SIEM platforms, indicating a deeper understanding of their features and capabilities. Experience with Elastic is highly valued.
At least three years of experience integrating SIEMs with SOAR and IRCM.
Experience deploying, configuring, maintaining, and troubleshooting Elasticsearch and Kibana on bare metal, Elastic Cloud Enterprise (ECE), Elastic Cloud on Kubernetes (ECK), and/or Elasticsearch Service.
Configuration management experience through Ansible/Terraform/Chef/Puppet or like tools.
Security community contributions (blog posts, white papers, conference talks, tool development, etc.)
A stronger grasp of advanced network infrastructure, including cloud networks, virtual networks, and network segmentation, which can be crucial for more sophisticated SIEM deployments.
Skills in project management and familiarity with methodologies like Agile can be beneficial, particularly in managed service environments.
Familiarity with implementing machine learning pipelines and integrating AI-driven analytics into SIEM for improved incident detection and automated response.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.