Today
Secret
Unspecified
Unspecified
IT - Security
Hanahan, SC (On-Site/Office)
As a Security Engineer you will The SIEM/SOAR Engineer will be responsible for managing and maintaining the CSSP's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.
Position Requirements and Duties:
• Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk).
• Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP.
• Monitor and analyze security events and incidents to protect information assets.
• Assist in the development and maintenance of use cases, rules, and alerts for threat detection and response.
• Integrate SIEM and SOAR systems with other security tools and data sources.
• Automate security operations workflows and incident response procedures using SOAR platforms.
• Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.
• Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.
• Implement and manage data ingestion pipelines for security event data.
• Perform regular updates, patches, and upgrades for SIEM and SOAR systems.
• Create and maintain documentation for system configurations, processes, and standard operating procedures.
• Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities.
Required Skills:
• 3 years of experience in maintaining an enterprise Elastic cluster
• Proficiency in managing and maintaining SIEM and SOAR solutions.
• Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.
• Strong understanding of security event and incident management processes.
• Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration.
• Experience with threat detection and response methodologies.
• Extensive experience with Linux Administration of RHEL Operating Systems
• Strong experience with networking protocols, solutions, and methodologies
Minimum Qualifications:
• US Citizen
• Possess a high school diploma or GED
• Available for on-call after-hours rotational support as needed
• Position may require up to 25% travel as needed
• OCONUS travel may be required
Preferred Qualifications:
• Experience with other SIEM platforms (e.g., Splunk).
• Knowledge of security frameworks and standards (e.g., MITRE ATT&CK, NIST).
• Familiarity with network and endpoint security technologies.
• Experience with security incident response and digital forensics.
Required Certifications:
• 8570 IAT Level II Certification
• Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), or Elastic Certified Engineer
Minimum of a Secret Clearance Required with ability to obtain Top Secret
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
Position Requirements and Duties:
• Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk).
• Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP.
• Monitor and analyze security events and incidents to protect information assets.
• Assist in the development and maintenance of use cases, rules, and alerts for threat detection and response.
• Integrate SIEM and SOAR systems with other security tools and data sources.
• Automate security operations workflows and incident response procedures using SOAR platforms.
• Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.
• Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.
• Implement and manage data ingestion pipelines for security event data.
• Perform regular updates, patches, and upgrades for SIEM and SOAR systems.
• Create and maintain documentation for system configurations, processes, and standard operating procedures.
• Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities.
Required Skills:
• 3 years of experience in maintaining an enterprise Elastic cluster
• Proficiency in managing and maintaining SIEM and SOAR solutions.
• Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.
• Strong understanding of security event and incident management processes.
• Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration.
• Experience with threat detection and response methodologies.
• Extensive experience with Linux Administration of RHEL Operating Systems
• Strong experience with networking protocols, solutions, and methodologies
Minimum Qualifications:
• US Citizen
• Possess a high school diploma or GED
• Available for on-call after-hours rotational support as needed
• Position may require up to 25% travel as needed
• OCONUS travel may be required
Preferred Qualifications:
• Experience with other SIEM platforms (e.g., Splunk).
• Knowledge of security frameworks and standards (e.g., MITRE ATT&CK, NIST).
• Familiarity with network and endpoint security technologies.
• Experience with security incident response and digital forensics.
Required Certifications:
• 8570 IAT Level II Certification
• Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), or Elastic Certified Engineer
Minimum of a Secret Clearance Required with ability to obtain Top Secret
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
group id: 10488887
