Cyber Data Analysis (SIEM)

Clearance Level
Top Secret/SCI
Information Security
St Louis, Missouri

REQ#: RQ129804

Travel Required: None
Requisition Type: Regular

GDIT is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver. There is no challenge we can't turn into opportunity. And our work depends on a TS/SCI-cleared Cyber Data Analyst (SIEM) joining our team to support our Intelligence customer in St. Louis, MO.

The desired candidate will provide cybersecurity data analysis services, which design, develop, build, test, configure, employ, operate, integrate, sustain, and refresh the Security Information and Event Management (SIEM) capability (i.e., Enterprise Audit), the long-term analytics platform, the log aggregation platform, the cyber threat intelligence capability, signature development and deployment, and reputation management services. This includes the onboarding of all new and existing IT resources, and ensuring the correct routing of all audit events to mission partners in accordance with Intelligence Community Standard (ICS) 500-27.

Job Duties Include:

  • Analyzes trends and patterns of data to identify previously undiscovered events and incidents, and develops or tunes rules/signatures/scripts as needed
  • Analyzes trends and patterns of data to predict adversary actions on customer systems, and develops or tunes rules/signatures/scripts as needed
  • Coordinates with Network Security Services, Endpoint Security Services, and Cybersecurity Data Analysis Services to develop or tune rules/signatures/scripts
  • Coordinates with other Cybersecurity Operations Services to investigate and obtain information about potential sources of compromise on customer systems, and develops or tunes rules/signatures/scripts as needed
  • Correlates and analyzes precursors to incidents, and develops or tunes rules/signatures/scripts as needed
  • Improves SIEM alert efficiency through evaluation of valid alerts and false positives, and develops or tunes rules/signatures/scripts as needed
  • Assists the C-IRT by assessing ongoing incident activity to predict adversary responses and locations of compromise


BA/BS (or equivalent experience)

8+ years of experience

Required Skills:

  • Maintains enterprise cybersecurity infrastructure requirements
  • Applies Elasticsearch experience to optimize SIEM and data utilization for long-term archive
  • Monitors, maintains, and upgrades a petabyte-scale Elasticsearch environment
  • Elasticsearch expert, including infrastructure support experience
  • AWS cloud expert
  • Linux (RHEL) expert
  • Bash / Python scripting

Desired Skills:

  • Regex
  • Data parsing experience
  • Data routing
  • Experience with data broker technologies such as Kafka
  • ArcSight
  • Splunk
  • SOAR
  • UBA
  • Beats
  • Event Broker
  • Experience with Logstash
  • Elasticsearch SIEM experience

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.