What You'll Do- Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
- Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
- Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
- Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
- Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
- Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
- Create and maintain custom parsers and field extractions for complex or proprietary log sources
- Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
- Participate in peer reviews of detection rules and SIEM configuration changes
- Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
- Contribute to development and maintenance of detection and response playbooks and operational procedures
- Support troubleshooting of SIEM ingestion, parsing, and performance issues
- Work with infrastructure and application teams to onboard new log sources and improve security visibility
- Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities
- Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization
- Create and maintain SIEM architecture, detection, and operational documentation and runbooks
- Provide technical support during client reviews and operational meetings as assigned
- Share knowledge and provide guidance to junior team members
- Contribute to process improvement and automation initiatives within SIEM and detection workflows
What You'll Bring- 3+ years of hands-on systems engineering and architecture experience-including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
- 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
- Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
- Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
- Experience working in Agile environments with technical teams of three or more individuals.
- Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
- Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
- Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
- Critical thinking skills to balance robust security requirements against mission objectives.
- Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments.
- Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments-from initial design through operational handover.
- Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
- Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
- History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
- Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.
- Splunk Enterprise Certified Admin or SumoLogic Administration or Microsoft Security Operations Analyst Associate
- AWS Solutions Architect Professional or AWS DevOps Engineer Professional or Azure Solutions Architect Expert or GCP Cloud Architect
- Bachelor's degree or equivalent work experience.
- US citizenship (required due to client contractual requirements)
Bonus Points- Professional services background: Prior experience supporting external clients from within a consulting or professional services organization.
- Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible.
- Modern application architectures: Proven expertise with serverless, microservices, and related technologies.
- Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines.
- Encryption technologies: Hands-on experience implementing SSL, PKI, and other encryption methods.
- Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards.
- Splunk Enterprise Certified Architect or Splunk Certified Automation Developer
$78,000 - $135,000 a year
The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
