TS/SCI Siem Cyber Security Engineer
Role details
Job location
Tech stack
Job description
Insight Global is seeking a SIEM Cyber Security Engineer to support a critical mission focused on detecting, analyzing, and responding to cyber threats across a large enterprise environment. This role plays a key part in improving security visibility, reducing false positives, and ensuring early detection of malicious activity through effective SIEM content and automation. Key responsibilities include:
-
Analyze cyber defense (DCO) events and security logs to identify malicious or suspicious activity
-
Apply current industry SIEM best practices to improve detection accuracy and overall performance
-
Correlate security alerts with enriched log data to distinguish legitimate threats from false positives
-
Monitor and assess the effectiveness of security controls, including identifying unauthorized outbound connections
-
Develop and maintain SIEM detections and use cases through enterprise-wide log analysis
-
Build dashboards and visualizations that highlight adversary behavior and security trends
-
Create virtual "tripwires" using log data to enable early threat detection
-
Design, implement, test, and tune SIEM solutions to optimize performance and reliability
-
Build, test, and validate SIEM rules, filters, and correlation logic
-
Continuously tune SIEM content to reduce noise caused by known behavior, false positives, and system errors
-
Analyze malware threats and develop behavior-based detections to alert on or prevent malicious activity
-
Automate SIEM tasks using scripting or programming languages
-
Create scheduled and ad-hoc reports using SIEM tools to support operational and compliance needs
-
Develop and maintain SIEM documentation, processes, and knowledge repositories
-
Track metrics and trends to measure detection effectiveness and improve mission outcomes
-
Support operational leadership with SIEM content development and reporting needs
Requirements
-
Active Top-Secret SCI (TS/SCI) security clearance
-
Active GIAC Machine Learning Engineer (GMLE) certification or a bachelor's degree in computer science
-
2-3+ years of experience using SIEM technology (ArcSight, Splunk, and/or ELK) for log handling, reports, filters, rule creation, etc.
-
2-3+ years of network traffic analysis experience (understanding protocols and identifying ports) * Experience with DoD (Air Force, Navy, Army, etc.) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
-
Experience with MITRE ATT&CK framework
-
Experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom or Demisto
-
Experience with Python and PowerShell