Secret
IT - Security
Ashburn, VA (On-Site/Office)
MANTECH seeks a motivated, career and customer-oriented Enterprise Logging Solution (ELS) Lead to join our team in Ashburn, VA.
The ultimate purpose of this role is to provide the disciplined leadership and structural organization necessary to rapidly implement critical, high-impact security solutions that directly protect the Nation's digital borders while ensuring continuous, compliant contract delivery for 24x7x365 network, cyber, and cloud services.
Responsibilities include but are not limited to:
- Leads the lifecycle of analyzing, developing, and testing proposed enhancements to the ELS/SIEM environment.
- Establishes and enforces a data onboarding system into the ELS, including asset categorization and prioritization.
- Designs, implements, and maintains successful correlation rules, signatures, and risk-based scoring enhancements for the SIEM.
- Drives the technical integration of next-generation technologies like containerization, observability tools, and User Behavior Analytics (UBA).
- Supports the implementation of Machine Learning (ML) and AI into the ELS/SIEM.
Minimum Qualifications:
- Bachelor's degree in computer science, engineering, information technology, or cybersecurity.
- Certified Splunk Architect (II)
- Twelve (12+) years of experience in the Information Technology field.
- Seven (7+) years of experience serving as a senior Certified Splunk Architect.
- Experience in an enterprise IT environment as an applications or systems administrator working in Windows and Linux environments.
- Experience with cloud orchestration tools and a strong understanding of AWS cloud.
- Demonstrated deep, hands-on Splunk architecting, engineering, and fine-tuning experience and expertise.
- Proven, hands-on experience working within an environment with a large Splunk footprint.
Preferred Qualifications:
- Experience in optimizing complex, large-scale search performance using Splunk Programming Language (SPL), macros, data models, and summary indexes.
- Certified Information System Security Professional (CISSP) certification.
Clearance Requirements:
- Must have an active/current Secret clearance.
- Must be able to obtain and maintain a CBP BI (Background Investigation).
Physical Requirements:
- Must be able to be in a stationary position more than 50% of the time
- Must be able to communicate, converse, and exchange information with peers and senior personnel
- Constantly operates a computer and other office productivity machinery, such as a computer
- The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations
- The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.