GBSD Cloud SIEM Engineer (top secret, required) - 100% Remote

Clearance Level
Cyber Engineering
Remote, Based in the USA

REQ#: RQ138163

Travel Required: Less than 10%
Public Trust: NACLC (T3)
Requisition Type: Regular

We are GDIT. We stay at the forefront of innovation to solve complex technical challenges. 

The desired candidate will provide cybersecurity data analysis services, which designs, develops, builds, tests, configures, employs, operates, integrates, sustains, and refreshes the Security Information Events Management (SIEM) capability (i.e. Enterprise Audit), long-term analytics platform, log aggregation platform, and the cyber threat intelligence capability, signature development and deployment, and reputation management services. This includes the onboarding of all new and existing IT resources, and ensuring the correct routing of all audit events to mission partners in accordance with Joint Special Access Program Implementation Guide (JSIG) standards.

The Cloud SIEM Engineer will serve as a member of the Governance Risk and Compliance (GRC) team as the SIEM)/Linux administrator. The SIEM administrator will be responsible for ensuring that logs are collected from systems and devices across the architecture into SIEM system for analysis.  Engineer will be responsible for building custom dashboard supporting continuous monitoring activities. The SIEM Admin will be responsible for coordinating with tech administrators to tune systems and devices. Identify and integrate internal and external data sources, create queries and maintain SIEM dashboards. The SIEM Admin will apply current STIGs and system updates to ensure SIEM system compliance.

Job Duties Included:

  • Create queries, dashboards, and visualizations to support customer requirements and monitoring of the SIEM deployment.

  • Perform day-to-day maintenance, and specific scheduled maintenance activities that result from manufacturers recommended service intervals, alerts, bulletins, available patches, and updates according to agency approved change management processes. This includes maintaining updated documentation, change logs, and service bulletin libraries for all supported equipment and software in the environment.

  • Perform all development, engineering, testing, integration, and implementation actions necessary for major vendor revisions

  • Perform continuous engineering assessments to improve the performance, effectiveness, coverage, and maturity of this service.

  • Configure all assets assigned to this service within the Government Furnished Information - Software Tools list in accordance with all Federal, DoD, directives, orders, polices, guidance, procedures etc.

  • Perform all development, design, engineering, testing, integration, and implementation actions needed for the total integration and interoperability between all applicable assets in the Government Furnished Information - Software Tools list. This includes ensuing all data flows are properly parsed for ingestion/transmission to internal and external automated reporting systems.

  • Utilize agency approved ticketing systems to document, track, assign, update, and coordinate all engineering, integration, configuration, and maintenance actions

  • Use various monitoring, analysis, and visualization tools to track effectiveness, status, performance metrics, and other information as needed or required by Government staff and contractors assigned Cybersecurity Operations Services and Cybersecurity Readiness Services

  • Experience creating and fine-tuning SIEM content such as correlation rules, reports, dashboards, filters, channels, and integrating threat intelligence to improve accuracy and visibility to potential threats and alerts.

  • Monitoring and managing the health and performance of SIEM platform

  • Onboarding log sources and data sources, developing new and custom parses, and designing SIEM architecture reviews

  • Creating use cases and correlations alerts in the SIEM for continuous security monitoring

  • Security Operations experience with operating systems, or cloud infrastructures and services (Azure/AWS)

  • Participating in client meetings to further optimize their specific operational plan based on our best practices and operational learnings

  • Conveying complex technical security concepts to technical and non-technical audiences including executives.

Position Requirements:

  • TS clearance required

  • 3+ years of experience

  • DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications

  • Monitor systems across a complex tech stack using elastic

  • Certification in Elastic, Splunk or other SIEM solution

  • Excellent analytical and problem-solving abilities

  • Strong presentation and communication skills

  • Knowledge of concepts and solutions of security services in the Zero-Trust model

  • Maintains enterprise cybersecurity infrastructure requirements

  • Applies Elastic search experience to optimize SIEM and data utilization for long term archive

  • Monitors, maintains and upgrades Elasticsearch environment

  • Elasticsearch/Splunk expert to include infrastructure support experience

  • AWS cloud expert

  • Linux (RHEL) Expert

  • Bash / Python Scripting

  • Experience working with log formats for syslog, http logs, and DB logs required.

  • Knowledge of industry standard design patterns in common languages such as Java and Unix / Linux shell scripting preferred.

Desired skills:

  • Arcsight

  • Splunk

  • Access Management

  • Red Hat Certified System Administrator (RHCSA) or higher certification

  • SOAR

  • User Behavior Analytics (UBA)

  • Beats

  • Log Stash

  • Event Broker

  • Experience with Logstash

  • Defense in depth

  • Security Automation

Experience with the following administrative concepts:

  • Agile development

  • Cross-Functional teams

  • Documentation/Learning management

  • Process management


  • Full-flex work week

  • 401K with company match

  • Internal mobility team dedicated to helping you own your career

  • Collaborative teams of highly motivated critical thinkers and innovators

  • Ability to make a real impact on the world around you

#DEE2020 #Defense #USAF #gditcareers #kmp #cloud #ICAM #SIEM #LinuxAdministrator #remote #AWS #cjobs #dicepost #gdpost #Cloud #SIEMengineer#AFOpportunities #NDRC22 #DEEOPEN8022022 #DEEjobs

The likely salary range for this position is $96,000 - $144,000, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

View information about benefits and our total rewards program.

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.