SIEM Data Onboarding Engineer (Cyber Engineer - Mid LCAT)

Ennoble First

Posted today
Top Secret/SCI
$120,000 - $150,000
Polygraph
IT - Database
Reston, VA (On-Site/Office)

Location: College Park, MD; Washington, DC; Reston, VA; Colorado Springs, CO; Norfolk, VA

Required Clearance: Active TS/SCI with polygraph eligibility

Employment Type: Full-Time Regular

Shift: Day

Travel: No

Relocation Assistance: Yes

Company Overview

We are Ennoble First. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that's important. Ennoble First is your place. You make it your own by embracing autonomy, seizing opportunity, and being trusted to deliver your best every day. We think. We act. We deliver.

Job Description

Ennoble First is seeking a SIEM Data Onboarding Engineer to support the design, deployment, and sustainment of enterprise SIEM capabilities in a highly regulated mission environment. This role focuses on onboarding, parsing, normalizing, enriching, and routing security telemetry into Splunk to support detection, investigation, and response operations across on-premises and cloud environments. The engineer partners with security operations, platform engineering, and data owners to ensure consistent, high-quality data ingestion and analytics readiness.

Primary Responsibilities
  • Design, deploy, and manage Splunk SIEM infrastructure including indexers, search heads, forwarders, and deployment servers
  • Build and maintain data onboarding pipelines for enterprise systems, applications, and security tools
  • Develop and maintain Splunk configurations including props.conf, transforms.conf, inputs.conf, outputs.conf, and Splunk Apps/TAs
  • Configure and manage Cribl sources, destinations, routes, collectors, and pipelines
  • Parse, normalize, enrich, mask, deduplicate, and route data to Splunk and downstream platforms
  • Develop and maintain SPL searches, dashboards, alerts, and validation queries
  • Monitor and troubleshoot SIEM performance, ingestion latency, parsing errors, and data quality issues
  • Collaborate with security operations and engineering teams to support detection engineering requirements
  • Implement best practices for indexing strategy, data retention, and platform scalability
  • Produce documentation and provide operational support for SIEM workflows

Required Qualifications

  • Bachelor's degree and 5+ years of experience supporting IT or cybersecurity projects and activities
  • Experience managing and configuring Splunk SIEM environments
  • Experience with Splunk architecture including indexers, search heads, forwarders, and deployment servers
  • Experience using Splunk REST APIs for automation and operational tasks
  • Experience configuring Cribl sources, destinations, routes, collectors, and pipelines
  • Experience building pipelines to parse, normalize, enrich, mask, deduplicate, and route data
  • Experience authoring and maintaining Splunk configuration files and packaging Apps/TAs
  • Experience administering Linux and Windows systems including services, permissions, file paths, and log locations
  • Experience using regex for field extraction and event breaking
  • Active TS/SCI clearance; willingness to take a polygraph exam

Certifications

  • Active DoD 8570 Information Assurance Technician (IAT) Level II certification (e.g., Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND)
  • Must obtain a DoD 8570 Cybersecurity Service Provider - Infrastructure Support certification (e.g., CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND) prior to start date

Additional Qualifications

  • Experience working in regulated environments using DISA STIGs or organizational hardening standards
  • Strong understanding of networking fundamentals including TCP/UDP, TLS, syslog transport, and firewall ports
  • Experience troubleshooting with tools such as tcpdump or Wireshark
  • Familiarity with common log formats including syslog, Windows Event Logs, JSON, CSV, and XML
  • Proficiency with SPL for validation, troubleshooting, and dashboard development
  • Experience with scripting languages such as Python, Bash, or PowerShell
  • Familiarity with Git and Ansible automation workflows
  • Strong written and verbal communication skills

Compensation

Salary range: $120,000 - $150,000

The Ennoble First pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered include responsibilities of the role, education, experience, knowledge, skills, internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Equal Employment Opportunity

Ennoble First is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any characteristic protected by federal, state, or local law.

E-Verify Participation

Ennoble First participates in the U.S. Department of Homeland Security's E-Verify program to confirm the employment eligibility of all newly hired employees. E-Verify is a registered trademark of the U.S. Department of Homeland Security.

Ennoble First is committed to providing a diverse and inclusive work environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

www.dhs.gov/E-Verify

E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.

At Ennoble First, we’re proud to serve and partner with leading federal agencies—including the DoD, NGA, U.S. Air Force, U.S. Army, DIA, Department of State, and U.S. Cyber Command—as well as trusted industry innovators like AWS, Lockheed Martin, Northrop Grumman, Booz Allen, CACI, Leidos, and Splunk. Together, we deliver secure, agile IT solutions that advance intelligence, defense, healthcare, and national security.

What sets us apart is our people. We believe in empowering bold thinkers, fostering collaboration, and creating an environment where health, family, and work stay in balance. We embrace diverse perspectives, encourage innovation, and ensure every team member feels supported and connected.

When you join Ennoble First, you’re not just filling a role—you’re becoming part of a community that values you, challenges you, and helps you grow while making an impact on missions of national importance.

About Us
Ennoble First is a high-tech solutions and services company dedicated to supporting the nation’s most critical missions. We partner with federal agencies across defense, intelligence, national security, and healthcare, delivering agile, data-driven technologies that enhance efficiency, reduce risk, and empower smarter decisions.

Our expertise spans data engineering and management, intelligent automation, enterprise systems, advanced cybersecurity, research and development, and strategic talent support. These capabilities allow us to address today’s complex challenges while preparing organizations for the threats and technologies of tomorrow.

Trusted by agencies such as the Department of Defense, U.S. Cyber Command, and leading federal health organizations—as well as top industry partners—we’re known for providing secure, innovative, and mission-focused solutions that make a real impact. At Ennoble First, we don’t just deliver technology—we help safeguard the future.