We are seeking a highly skilled and experienced SIEM Analyst to join our team. The ideal candidate will have a minimum of five years of overall IT or cybersecurity experience, including at least three years of working knowledge in Government Community Cloud High (GCC-H)/GCC environments. This role involves managing and optimizing Security Information and Event Management (SIEM) systems, with a focus on Microsoft Sentinel, log management, threat intelligence, and incident handling. The SIEM Analyst will play a critical role in ensuring the security and efficiency of our clients' environments through proactive monitoring, analysis, and continuous improvement.

Roles and Responsibilities:

1. Log Management:
   • Reviewing the ingestion and normalization of logs to ensure accuracy and completeness.
   • Ingesting and analyzing all common log formats.
   • Consulting on log storage methods, pricing tiers, and cost management recommendations.
2. Microsoft Sentinel Management:
   • Managing Microsoft Sentinel with regularly updated baselines.
   • Continuously deploying updated rules to enhance security monitoring.
3. Threat Intelligence:
   • Disbursing threat intelligence to key employees.
   • Sharing hardening recommendations and updating baselines based on lessons learned across the client base.
4. Staff Support:
   • Providing educational development by leveraging Microsoft partnerships and team expertise to conduct workshops and training on Azure and M365 Cloud Services.
5. Continuous Improvement:
   • Reviewing architecture to identify gaps in cybersecurity solutions.
   • Driving efficiencies in logging and log storage processes.
6. Program Management Support:
   • Participating in recurring operational touchpoints.
   • Conducting quarterly executive management reviews to provide updates and insights.
7. Automated Response:
   • Utilizing expert systems to enhance security investigations by integrating and analyzing external and internal data sources.
   • Automating investigation workflows to reduce manual effort and accelerate incident response times.
8. 24x7x365 Monitoring of Security Events:
   • Providing advanced endpoint detection and response (EDR) threat detection and response services for desktops, servers, and firewalls.
   • Monitoring and managing security alarms for firewalls, network devices, and Active Directory user behavior.
   • Monitoring Microsoft Sentinel instances and analyzing syslog and Common Event Format (CEF) data.
   • Developing custom alerting capabilities based on business requirements.
9. Incident Handling Support:
   • Supporting incident management for the Security Operations Center (SOC).
   • Conducting recurring operational reviews with the designated SOC Lead.
   • Providing recommended best practices for responding to security events.

Required Qualifications:

• Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered in lieu of a degree.
• Minimum of five (5) years of overall IT or cybersecurity experience.
• At least three (3) years of hands-on experience in Government Community Cloud High (GCC-H)/GCC environments.
• Knowledge, skills, and abilities to operate, maintain, and upgrade two or more of the following tools: Microsoft Sentinel, Microsoft Azure, Microsoft DfE, Xacta 360/IO, Zscaler, FedRamp, Cloudflare, NetWitness, Tenable IO, Nexpose, Armis, Trellix HX/CM, and ServiceNow.
• Strong analytical, problem-solving, and communication skills.
• Ability to pass a Public Trust background check prior to onboarding.

IMRI offers top-tier benefits that include: medical coverage through nationally recognized carriers, ancillary coverages, paid vacation and sick leave in compliance with all state and local laws, 401(k) with company match, company paid life insurance and LTD, and several additional voluntary coverages.

Pay will be commensurate with the experience, skills, and qualifications that the candidate brings to the position.

EQUAL EMPLOYMENT OPPORTUNITY

EEO/Affirmative Action Statement and Non-Discrimination Policy IMRI is an Equal Employment Opportunity employer committed to maintaining a non-discriminatory, diverse work environment. In accordance with Title VII of the Civil Rights Act of 1964, Section 503 of the Rehabilitation Act of 1973, Vietnam Era Veteran's Readjustment Assistance Act of 1974 (VEVRAA), Americans with Disabilities) (ADA), and other federal, state, and local anti-discrimination laws, IMRI does not unlawfully discriminate against any person on the basis of race, color, religion, sex, national origin, ancestry, genetic information, age, marital status, sexual orientation, physical or mental disability, or status as a special disabled veteran or other veteran. IMRI will take affirmative action to assure equal opportunity for employment is provided with regard to all personnel actions. This is including but not limited to: recruitment, selection, compensation, benefits, training, promotion, demotion, layoff, termination and all other terms and conditions of employment.