TS/SCI Siem Cyber Security Engineer

Insight Global
San Antonio, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

San Antonio, United States of America

Tech stack

Computer Security
Intrusion Detection Systems
Python
Log Analysis
Machine Learning
Network Forensics
Powershell
ArcSight SIEM Tool
Security Information and Event Management
Mitre Att&ck
Information Technology
Cybercrime
Cyber Warfare
Splunk
Custom Reports
Programming Languages

Job description

Insight Global is seeking a SIEM Cyber Security Engineer to support a critical mission focused on detecting, analyzing, and responding to cyber threats across a large enterprise environment. This role plays a key part in improving security visibility, reducing false positives, and ensuring early detection of malicious activity through effective SIEM content and automation. Key responsibilities include:

  • Analyze cyber defense (DCO) events and security logs to identify malicious or suspicious activity

  • Apply current industry SIEM best practices to improve detection accuracy and overall performance

  • Correlate security alerts with enriched log data to distinguish legitimate threats from false positives

  • Monitor and assess the effectiveness of security controls, including identifying unauthorized outbound connections

  • Develop and maintain SIEM detections and use cases through enterprise-wide log analysis

  • Build dashboards and visualizations that highlight adversary behavior and security trends

  • Create virtual "tripwires" using log data to enable early threat detection

  • Design, implement, test, and tune SIEM solutions to optimize performance and reliability

  • Build, test, and validate SIEM rules, filters, and correlation logic

  • Continuously tune SIEM content to reduce noise caused by known behavior, false positives, and system errors

  • Analyze malware threats and develop behavior-based detections to alert on or prevent malicious activity

  • Automate SIEM tasks using scripting or programming languages

  • Create scheduled and ad-hoc reports using SIEM tools to support operational and compliance needs

  • Develop and maintain SIEM documentation, processes, and knowledge repositories

  • Track metrics and trends to measure detection effectiveness and improve mission outcomes

  • Support operational leadership with SIEM content development and reporting needs

Requirements

  • Active Top-Secret SCI (TS/SCI) security clearance

  • Active GIAC Machine Learning Engineer (GMLE) certification or a bachelor's degree in computer science

  • 2-3+ years of experience using SIEM technology (ArcSight, Splunk, and/or ELK) for log handling, reports, filters, rule creation, etc.

  • 2-3+ years of network traffic analysis experience (understanding protocols and identifying ports) * Experience with DoD (Air Force, Navy, Army, etc.) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

  • Experience with MITRE ATT&CK framework

  • Experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom or Demisto

  • Experience with Python and PowerShell

Apply for this position