SIEM Analyst

FITS East: Arlington, VA

Full Time | Mid-level / Intermediate | Clearance required | USD 110K - 125K

First Information Technology Services

Designing Information Security Solutions with You in Mind.

FITS is a full-service IT consulting firm with over 20 years of expertise. We are proud to be a minority, veteran-owned firm that provides comprehensive IT consulting services, information security, and cloud computing security to clients of all sizes since 2000. We are dedicated to helping our clients achieve their security and compliance goals while providing thoughtful and responsive professional services.  

Location: Hybrid (Remote with On-Site Support as Needed in the DC Metro Area)
Clearance: Active Public Trust required
Salary Range: $110,000 – $125,000 per year, based on experience and qualifications
Eligibility: This position is open to U.S. citizens only. Visa sponsorship is not available.


About the Role

We are seeking a SIEM Analyst to support cybersecurity operations for a government customer. This role will focus on improving threat detection across Microsoft Sentinel and related platforms, with an emphasis on custom alerting, log normalization, detection rule tuning, and threat intelligence integration. The SIEM Analyst will work closely with the cybersecurity engineering team to enhance situational awareness and support proactive threat hunting.

This role is part of a four-person cybersecurity team supporting the deployment, integration, and maturation of the customer’s Zero Trust and security monitoring capabilities.


What You’ll Do

  • Develop and tune detection rules within Microsoft Sentinel to reduce false positives and improve incident response effectiveness.
  • Normalize log data and verify ingestion across multiple systems and data sources.
  • Create custom analytics and alerts aligned with organizational risk priorities.
  • Integrate threat intelligence feeds to enrich log context and detection use cases.
  • Analyze log data using KQL and Sentinel workbooks to detect anomalies.
  • Maintain detection infrastructure and coordinate updates to rules and alert baselines.
  • Provide recommendations for improving log collection, formatting, and Log Analytics workspace pricing tier configurations (pay-as-you-go versus commitment tiers) to control ingestion cost.
  • Support development of standard operating procedures, tuning guides, and related documentation.
  • Collaborate with the SOC team to support investigations and improve response workflows.
  • Participate in operational reviews and recurring meetings with stakeholders.
  • Help design and deliver knowledge-sharing sessions related to Sentinel and threat detection.
  • Maintain and support security technologies including Microsoft Sentinel, Defender, Trellix HX/CM, and log ingestion pipelines.

Technologies You’ll Work With

  • SIEM and Monitoring Tools: Microsoft Sentinel
  • Threat Detection and Response: Microsoft Defender for Endpoint, Trellix HX/CM
  • Log Sources & Formats: Syslog, CEF
  • Analysis & Visualization: KQL, Sentinel Workbooks
  • Collaboration: ServiceNow

What You’ll Bring

Required Skills:

  • Active Public Trust clearance.
  • 3+ years of experience working with Microsoft Sentinel or similar SIEM tools.
  • 3+ years of hands-on experience with Microsoft's U.S. government cloud environments (GCC or GCC High).
  • Hands-on experience tuning detection rules and creating custom analytics.
  • Strong understanding of log ingestion, normalization, and security telemetry.
  • Familiarity with Microsoft Defender, Trellix, and other detection platforms.
  • Strong KQL skills and experience building dashboards or workbooks in Sentinel.
  • Working knowledge of common log formats (e.g., syslog, CEF) and their use in threat detection.
  • Ability to incorporate threat intelligence into analytic workflows.
  • Excellent written communication skills and attention to detail in documentation.

Preferred Skills:

  • Experience supporting incident handling within a SOC environment.
  • Understanding of Zero Trust Maturity Model and related federal cybersecurity initiatives.
  • Familiarity with detection infrastructure tuning and automation best practices.
  • Certifications such as Microsoft SC-200 or CompTIA Security+.

The FITS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, and applicable law.

First Information Technology Services, Inc. believes that a well-rounded compensation package helps team members thrive in their work and home life. FITS proudly invests in benefits for its employees, covering 100% of health, dental, and vision coverage for employees and their dependents (including domestic partners), a matching 401(k), short/long-term disability, life insurance, and parental leave. Paid time off accrues at a starting rate of 15 days/year, increasing with tenure. Employees working for clients in Washington state have 10 paid holidays. FITS also provides up to $5,000 annually for professional development, including reimbursement of job-related training classes, seminars, tuition, and certification expenses.

FITS is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. FITS is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at FITS are based on business needs, job requirements, and individual qualifications, regardless of race, color, ethnicity, age, religion or belief, sex, sexual orientation, gender identity and/or expression, national origin, family or parental status, disability, military or veteran status, or any other status protected by the laws or regulations in the locations where we operate.

Category: Analyst Jobs

Tags: Analytics Automation Clearance Cloud Compliance CompTIA Incident response Monitoring Sentinel SIEM SOC Threat detection Threat intelligence Zero Trust

Perks/benefits: Career development Equity / stock options Health care Insurance Parental leave

Region: North America
Country: United States