Position DescriptionSIEM/SOAR Engineer to manage and maintain the CSSP's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. This role is responsible for administering an enterprise Elastic cluster while ensuring the performance, availability, and security of these critical systems. The engineer will leverage strong communication, analytical, and problem-solving skills to identify, communicate, and resolve issues, ultimately maximizing the effectiveness and value of CSSP security system investments.
Location: Onsite in Charleston, SC.
Clearance Required: Active Secret
Education Requirement: Bachelor's Degree in related field.
Certification Required: DoD 8570 IAT Level II and DoD 8140 CSSP Auditor compliant
Required Experience:- Minimum of 3 years of experience in maintaining an enterprise Elastic cluster.
- Proficiency in managing and maintaining SIEM and SOAR solutions.
- Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.
- Understanding of security event and incident management processes.
- Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration.
- Experience with threat detection and response methodologies.
- Extensive experience with Linux Administration of RHEL Operating Systems.
- Strong experience with networking protocols, solutions, and methodologies.
- Excellent troubleshooting and problem-solving skills.
- Strong documentation skills.
- Strong communication and interpersonal skills.
- Ability to work in a team-oriented, collaborative environment.
- Ability to prioritize and execute tasks in a high-pressure environment.
- Available for on-call after-hours rotational support as needed.
Responsibilities:- Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk).
- Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP.
- Monitor and analyze security events and incidents to protect information assets.
- Assist in the develop and maintain use cases, rules, and alerts for threat detection and response.
- Integrate SIEM and SOAR systems with other security tools and data sources.
- Automate security operations workflows and incident response procedures using SOAR platforms.
- Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.
- Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.
- Implement and manage data ingestion pipelines for security event data.
- Perform regular updates, patches, and upgrades for SIEM and SOAR systems.
- Create and maintain documentation for system configurations, processes, and standard operating procedures.
- Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities.
- Provide guidance and support to operations analysts on the use of SIEM and SOAR tools.
- Stay updated with the latest trends, tools, and best practices in SIEM and SOAR technologies.
- Conduct research and recommend improvements to enhance the effectiveness of the SIEM and SOAR solutions.
