We are GDIT. We stay at the forefront of innovation to solve complex technical challenges.
The desired candidate will provide cybersecurity data analysis services, which designs, develops, builds, tests, configures, employs, operates, integrates, sustains, and refreshes the Security Information Events Management (SIEM) capability (i.e. Enterprise Audit), long-term analytics platform, log aggregation platform, and the cyber threat intelligence capability, signature development and deployment, and reputation management services. This includes the onboarding of all new and existing IT resources, and ensuring the correct routing of all audit events to mission partners in accordance with Joint Special Access Program Implementation Guide (JSIG) standards.
The Cloud SIEM Engineer will serve as a member of the Governance Risk and Compliance (GRC) team as the SIEM)/Linux administrator. The SIEM administrator will be responsible for ensuring that logs are collected from systems and devices across the architecture into SIEM system for analysis. Engineer will be responsible for building custom dashboard supporting continuous monitoring activities. The SIEM Admin will be responsible for coordinating with tech administrators to tune systems and devices. Identify and integrate internal and external data sources, create queries and maintain SIEM dashboards. The SIEM Admin will apply current STIGs and system updates to ensure SIEM system compliance.
Job Duties Included:
Create queries, dashboards, and visualizations to support customer requirements and monitoring of the SIEM deployment.
Perform day-to-day maintenance, and specific scheduled maintenance activities that result from manufacturers recommended service intervals, alerts, bulletins, available patches, and updates according to agency approved change management processes. This includes maintaining updated documentation, change logs, and service bulletin libraries for all supported equipment and software in the environment.
Perform all development, engineering, testing, integration, and implementation actions necessary for major vendor revisions
Perform continuous engineering assessments to improve the performance, effectiveness, coverage, and maturity of this service.
Configure all assets assigned to this service within the Government Furnished Information - Software Tools list in accordance with all Federal, DoD, directives, orders, polices, guidance, procedures etc.
Perform all development, design, engineering, testing, integration, and implementation actions needed for the total integration and interoperability between all applicable assets in the Government Furnished Information - Software Tools list. This includes ensuing all data flows are properly parsed for ingestion/transmission to internal and external automated reporting systems.
Utilize agency approved ticketing systems to document, track, assign, update, and coordinate all engineering, integration, configuration, and maintenance actions
Use various monitoring, analysis, and visualization tools to track effectiveness, status, performance metrics, and other information as needed or required by Government staff and contractors assigned Cybersecurity Operations Services and Cybersecurity Readiness Services
Experience creating and fine-tuning SIEM content such as correlation rules, reports, dashboards, filters, channels, and integrating threat intelligence to improve accuracy and visibility to potential threats and alerts.
Monitoring and managing the health and performance of SIEM platform
Onboarding log sources and data sources, developing new and custom parses, and designing SIEM architecture reviews
Creating use cases and correlations alerts in the SIEM for continuous security monitoring
Security Operations experience with operating systems, or cloud infrastructures and services (Azure/AWS)
Participating in client meetings to further optimize their specific operational plan based on our best practices and operational learnings
Conveying complex technical security concepts to technical and non-technical audiences including executives.
TS clearance required
3+ years of experience
DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications
Monitor systems across a complex tech stack using elastic
Certification in Elastic, Splunk or other SIEM solution
Excellent analytical and problem-solving abilities
Strong presentation and communication skills
Knowledge of concepts and solutions of security services in the Zero-Trust model
The likely salary range for this position is $96,000 - $144,000, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.