SIEM Engineer

Apex Systems LLC
Fort Meade, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Fort Meade, United States of America

Tech stack

Big Data
DNS
Elasticsearch
Identity and Access Management
Intrusion Detection and Prevention
Intrusion Detection Systems
Pcap
Log Analysis
NetFlow
Network Monitoring
Network Protocols
Open Systems Interconnection (OSI)
Logstash
Security Information and Event Management
TCP/IP
Wireshark
Data Logging
Cyber Threat Analysis
Kibana
Splunk
Data Pipelines
ELK

Job description

Our organization is seeking a SIEM Engineer to support a critical enterprise migration from Splunk to Elastic. This role will serve as a senior analyst, responsible for developing queries, tuning alerts, and performing advanced analysis within a large-scale environment. The position involves translating existing security use cases, dashboards, and alerts while ensuring detection capabilities are maintained or improved throughout the transition.

  • Serve as a senior SIEM analyst leveraging Splunk, with responsibility for query development (SPL), alert tuning, correlation, and advanced analysis.
  • Support and contribute to enterprise SIEM migration efforts from Splunk to Elastic, including translating use cases, dashboards, and alerts.
  • Validate data ingestion pipelines and log sources during the migration to ensure fidelity.
  • Leverage network monitoring and detection capabilities (netflow, PCAP, IDS) to identify adversary activity.
  • Perform advanced log analysis, correlation, and threat detection across large-scale datasets.
  • Discover adversary campaigns, anomalies, and inconsistencies across SIEM platforms.
  • Support the development of cyber fusion frameworks aligned with best practices.
  • Analyze and document malicious actor TTPs, mapping them to enterprise vulnerabilities.
  • Produce detailed analytic reports and visualizations to communicate findings.
  • Provide mitigation strategies to reduce risk and improve the enterprise security posture.

Requirements

  • Bachelor's Degree with 8-15 years of relevant experience, or equivalent professional experience.
  • An active IAT Level II or III Certification.
  • Experience with Splunk, including SPL query development, dashboard creation, and alert tuning.
  • Experience supporting or participating in SIEM platform migrations, preferably from Splunk to Elastic.
  • Familiarity with Elastic/ELK Stack tools such as Elasticsearch, Kibana, Logstash, and Beats.
  • Knowledge of network protocols (TCP/IP, OSI) and cyber threat methodologies.
  • Experience analyzing netflow, PCAP, and custom application logging data.
  • Experience with security tools such as Wireshark, passive DNS, and threat intelligence platforms.

Preferred Qualifications

  • Experience supporting DISN or DOW networks.
  • Demonstrated experience building SIEM dashboards, analytics, and detection content in Splunk and/or Elastic.
  • Hands-on experience with Splunk to Elastic migrations, data pipeline validation, or detection engineering conversions.
  • Familiarity with intelligence-driven defense methodologies.
  • IAT Level III and/or IAM Level II/III Certifications.