SIEM Engineer III

ECS is seeking a SIEM Engineer III to work remotely.

Summary 

Are you passionate about the ever-evolving field of cybersecurity and ready to embark on a career with a positive and lasting impact? Join our dynamic team at ECS, a leading provider of solutions in science, engineering, and advanced technologies, including cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation solutions. As a SIEM Engineer III, you'll play a crucial role in our mission to safeguard organizations against cyber threats. If you're seeking a challenging yet rewarding position where you can enhance your skills, collaborate with experts in the field, and contribute significantly to the protection of digital assets, this opportunity is perfect for you. 

Our SIEM Engineers are at the forefront of our delivery team, responsible for strengthening the digital defenses of our clients. Your primary focus will be on ensuring the reliability and security of our Security Information and Event Management (SIEM) systems, which are often the first line of defense against cyber adversaries. You'll delve deep into the intricacies of SIEM technology, assist in implementing cutting-edge solutions, and work closely with our experienced team to detect and mitigate emerging threats. If you're a tech-savvy individual with a strong desire to protect organizations from the evolving cyber threat landscape, this role offers a unique opportunity to hone your skills and make a significant impact in the world of cybersecurity. 

Responsibilities 

• Lead the design, implementation, and optimization of enterprise-scale SIEM solutions for clients, ensuring customization to their unique needs and compliance requirements. 

• Serve as the client’s primary point of contact and subject matter expert during delivery of complex deployment projects.  

• Collaborate with senior engineers to develop and enforce best practices for log ingestion, parsing, normalization, enrichment, and data retention strategies tailored to specific security needs. 

• Conduct advanced system health checks, capacity planning, and performance tuning of SIEM infrastructure to optimize system performance and reliability. 

• Lead the integration of the SIEM platform with a diverse array of tools and systems, ensuring seamless interoperability and enhanced security posture. 

• Develop and implement sophisticated scripts to automate tasks and enhance interactions between the SIEM and other systems, improving efficiency and reducing manual effort. 

• Configure and enhance monitoring solutions to proactively evaluate SIEM platform performance and maintain system integrity. 

• Independently document and resolve complex issues, leveraging deep technical expertise and collaborative problem-solving skills. 

• Take charge of SIEM configuration management, making strategic adjustments to optimize performance and data accuracy, and adapting to changes in the monitored environment. 

• Maintain detailed documentation of SIEM system configurations, operations, and procedures. Ensure documentation is comprehensive, up-to-date, and adheres to compliance standards. 

• Act as the primary liaison with vendors for advanced support and resolution of complex product-related issues. 

• Engage in and sometimes lead expert-level training on SIEM features and capabilities. Facilitate knowledge transfer sessions to elevate team expertise. 

• Provide high-level support and strategic advice to security analysts, ensuring that the SIEM system's capabilities are fully leveraged to meet security operations' needs. 

• Drive continuous improvement initiatives for SIEM-related processes, focusing on efficiency gains and advanced security enhancements. 

• Participate in continuous improvement initiatives to streamline SIEM-related processes. 

• Provide strategic feedback and suggestions for automating repetitive tasks and improving system configurations based on expert knowledge and experience. 

At least three years of experience demonstrating proficiency in the following skills: 

• Proven experience with SIEM technologies, concepts, and common platforms with a heavy focus on Splunk. Additional experience with technologies, such as Elastic, Crowdstrike NextGen SIEM, IBM QRadar, or LogRhythm are highly valued.  

• Proven experience providing strategic direction and technical oversight to mentor junior SIEM engineers. 

• In-depth experience with system administration across various operating systems, especially those prevalent in corporate environments (Windows, Linux, MacOS), with a focus on security configurations and optimizations. 

• Comprehensive knowledge of the cybersecurity field, including advanced threat landscapes, sophisticated security protocols, and a wide array of cyberattack methodologies. 

• Familiarity with data security and compliance standards. 

• Proficiency in scripting languages like Python, PowerShell, or Bash is required, with an emphasis on developing complex scripts for automating tasks and integrating disparate systems within the SIEM ecosystem. 

• Exceptional skills in diagnosing and resolving intricate issues, employing logical and advanced problem-solving techniques to address complex challenges within the SIEM environment. 

• Proven ability to lead and collaborate effectively within a team, including guiding and mentoring junior engineers, interfacing with IT staff, and working closely with security analysts and detection engineers to enhance overall security strategies. 

• Outstanding verbal and written communication abilities for creating detailed documentation, conveying complex technical concepts in an understandable manner, and effectively reporting to both technical teams and upper management. 

• The capability to think strategically about the use of SIEM technology within the broader organizational context, including the development of innovative approaches to using SIEM for enhanced security postures. 

• Other Requirements of the position include: 

• Bachelor’s degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree. 

• Able and willing to support domestic or international on-site travel with customers or at ECS offices. Any travel will be short in duration and well-planned. 

• Possess and maintain a U.S. Passport. 

• Wear professional business attire for in-person meetings and teleconferences with internal and external organizations. 

• Perform duties not explicitly listed in this position description, as assigned. 

• Able and willing to obtain a US Security Clearance.