IT Security SIEM Engineer
Role details
Job location
Tech stack
Job description
As an IT Security SIEM Engineer (Security Operations Consultant), you will support a highly visible cybersecurity program for a large-scale public sector organization, contributing across the full system engineering lifecycle - requirements analysis, design, development, implementation, integration, testing, and documentation. This role supports both strategic initiatives and day-to-day security operations in a hybrid environment, with a primary focus on SIEM engineering (Splunk), security monitoring, automation and scripting, endpoint protection, and overall operational security, working in coordination with the citywide Security Operations Center (SOC)., * Provide engineering and administration support for the organization's Splunk environment (cloud and/or hybrid), including search heads, indexers, deployers, deployment servers, and heavy/universal forwarders
- Onboard and normalize new log sources across application, database, network, cloud, and endpoint
- Develop and maintain complex Splunk queries, dashboards, reports, and alerts for both technical and executive audiences
- Analyze log data for anomalies, suspicious trends, and potential security incidents; support log correlation and threat detection use cases aligned with SOC requirements
- Tune alerts to reduce false positives and improve detection efficiency
- Support day-to-day security monitoring, triage, and analysis of alerts and incidents in coordination with the SOC and internal teams
- Support incident investigations using logs, endpoint data, and network telemetry, and contribute to incident response documentation and playbooks
- Develop and maintain automation scripts (PowerShell, Python, Bash) to automate repetitive security tasks such as log ingestion validation, reporting, and compliance checks
- Assist in monitoring and managing endpoint security tools (EDR, antivirus, host-based monitoring), endpoint hardening, and security configuration validation
- Support vulnerability remediation coordination, patch validation, and compliance reporting
- Review system and infrastructure logs, support firewall and network security log monitoring, and assist with user access reviews and audit support
- Contribute to POAM tracking, remediation validation, and audit evidence preparation
Requirements
- Strong hands-on experience with Splunk Enterprise and/or Splunk Cloud
- Experience onboarding log sources and building detection logic
- Knowledge of enterprise logging across application, web, database, security, and endpoint
- Experience with scripting languages (PowerShell, Python, Bash)
- Familiarity with endpoint detection and response (EDR) tools
- Knowledge of incident response procedures
- Understanding of log correlation and threat detection techniques
- Experience with IDS/IPS and host-based security tools
- Strong analytical and problem-solving skills
- Ability to work independently and manage assigned tasks
- Strong verbal and written communication skills
Preferred Certifications:
- Splunk Enterprise Certified Admin / Architect
- CISSP, CEH, GCIH, Security+, or equivalent
Benefits & conditions
$30 - $40 an hour - Contract, * Hourly rate (competitive, commensurate with experience)