Enterprise Logging Solution (ELS) Lead

• Lead the design, engineering, configuration, and optimization of enterprise logging platforms supporting SOC operations.
• Act as the primary technical authority for SIEM architecture, log ingestion pipelines, parsing, normalization, enrichment, and storage strategies.
• Manage onboarding of new data sources across applications, endpoints, networks, cloud environments, and identity systems.
• Ensure log health monitoring, pipeline resiliency, and integrity validation for continuous reliability.
• Enable dashboard creation, correlation rules, and alerting by guaranteeing high-quality, normalized data.
• Maintain compliance with logging standards, federal mandates, and Zero Trust visibility requirements.
• Drive modernization initiatives, including automation, cloud logging integrations, and data optimization.
• Produce technical documentation, including architecture diagrams, data dictionaries, and detailed reports.
• Support vulnerability assessments, compliance audits, and cross-team engineering reviews.

• Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field.

• An understanding and practical experience in applying project management principles; experience with interconnected, heterogeneous systems.

• Strong understanding of industry standards and technologies with experience in the application supporting a Federal Government security operations organization.

• Experience in an enterprise IT environment as an applications or systems administrator working in Windows and Linux environments.

• Experience with Linux and or Windows scripting languages and automation.

• Strong networking background

• Strong security background

• Experience with cloud orchestration tools and a strong understanding of Amazon Web Services cloud

• Last 5 years of experience serving as a senior Certified Splunk Administrator or Architect

• One of the following certifications (listed in preference):

• Certified Splunk Architect (II)

• Certified Information System Security Professional (CISSP)

Preferred Experience

• Certified Splunk Architect
• Splunk Certified Admin/Engineer
• Splunk Core Certified Consultant
• Security+
• Cloud provider certifications (AWS Certified Solutions Architect, Azure Solutions Architect Expert, etc)

Expression offers highly competitive salaries, performance-based incentives, and additional benefits, such as:

• 401k matching
• PPO and HDHP medical/dental/vision insurance
• Education reimbursement up to $10,000/yr
• Complimentary life insurance
• 15 PTO days and 11 paid holidays

Founded in 1997 and headquartered in Washington, DC, Expression provides data fusion, data analytics, AI/ML, software engineering, information technology, and electromagnetic spectrum management solutions to the U.S. Department of Defense, Department of State, and national security community. Our culture emphasizes creating immediate and sustainable value for our clients through agile delivery of tailored solutions and constant engagement. We were ranked #1 on the Washington Technology Fast 50 list of fastest-growing small business Government contractors and recognized as a Top 20 Big Data Solutions Provider by CIO Review. At Expression, we ensure every team member has the tools and opportunities to grow while working with the newest technologies in the industry. We celebrate milestones, accomplishments, promotions, and collaborative achievements that make our workplace engaging and rewarding. Equal Employment Opportunity Statement Expression is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status., © 2026 Careerjet All rights reserved