Senior Security Operations Center Engineer - Security Tooling

The Senior Security Operations Center Engineer - Security Tooling serves as a senior-level cyber defense engineer responsible for the design, integration, and sustained operation of enterprise security tooling supporting WDP's cybersecurity posture across all classification tiers. This role bridges SOC operations and engineering disciplines to deliver scalable, automation-driven detection and response capabilities in direct support of WDP mission assurance and information advantage objectives.

• Provides advanced engineering support for enterprise cyber defense operations by designing, integrating, and sustaining security operations tooling across classified and unclassified environments.
• Architects, configures, and optimizes Security Information and Event Management platforms such as Splunk and Elastic to ingest, normalize, and correlate high-volume log data from network, endpoint, cloud, and application sources.
• Engineers security orchestration and automation workflows using SOAR platforms to accelerate detection, triage, containment, and response actions in alignment with Cyber Incident Handling Program guidance.
• Develops and tunes correlation rules, analytics queries, and threat detection logic to improve signal fidelity, reduce false positives, and increase adversary visibility.
• Integrates threat intelligence feeds, endpoint security platforms, vulnerability scanners, and cloud security tools to enable end-to-end situational awareness.
• Designs and maintains operational dashboards supporting SOC leadership decision-making, incident prioritization, and mission risk visibility.
• Supports continuous monitoring by maintaining tool health, data pipelines, and performance baselines while coordinating maintenance windows and upgrades.
• Collaborates with SOC analysts, incident responders, vulnerability management teams, and system engineers to translate operational requirements into scalable technical solutions.
• Produces automation artifacts, integration documentation, and operational metrics supporting readiness reporting, response efficiency, and sustained cyber defense effectiveness in support of mission assurance and information advantage.
• Performs other duties as assigned.

Do you have experience in Triage?, * Current Secret security clearance.

• A minimum of 10 years of experience in cybersecurity engineering, security operations, or a closely related discipline, with demonstrated expertise in enterprise security tooling design and integration in a federal, defense, or intelligence community environment.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Hands-on experience architecting, configuring, and administering enterprise SIEM platforms, specifically Splunk or Elastic, including log ingestion pipelines, normalization, correlation rule development, and detection tuning across multi-source, high-volume environments.
• Demonstrated experience engineering SOAR-based automation workflows for detection, triage, containment, and incident response operations, with the ability to design and maintain integration pipelines connecting security tooling across endpoint, network, cloud, and application layers.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).