Posted today
Secret
Unspecified
Unspecified
Ashburn, VA (On-Site/Office)
Company Description
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
**This position is contingent upon contract award**
SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP's enterprise logging ecosystem across on-premises, cloud, and hybrid environments.
Responsibilities
Qualifications
Education
Certifications
Required (one of the following):
Preferred:
Clearance
Working Conditions
Additional Information
Work Environment
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
**This position is contingent upon contract award**
SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP's enterprise logging ecosystem across on-premises, cloud, and hybrid environments.
Responsibilities
- Lead architecture, engineering, configuration, and optimization of enterprise logging platforms supporting DHS SOC operations.
- Serve as the senior technical authority for SIEM engineering, log ingestion pipelines, parsing, data normalization, enrichment, and storage strategies.
- Oversee onboarding of new data sources, including application, endpoint, network, cloud, and authentication telemetry.
- Maintain and enhance log health monitoring, pipeline resiliency, and log integrity validation.
- Coordinate with SOC analysts, Threat Hunt, IR, CTI, and engineering teams to ensure logging coverage aligns with detection, investigation, and compliance requirements.
- Develop, maintain, and troubleshoot log ingestion processes, forwarders, collectors, and APIs.
- Support dashboard, correlation rule, and alerting development by ensuring high-quality data availability.
- Ensure compliance with CBP logging standards, federal logging mandates, and Zero Trust visibility requirements.
- Lead modernization initiatives involving automation, cloud logging integrations, and data optimization.
- Provide detailed technical reporting, architectural documentation, and data dictionaries.
- Support vulnerability assessments, compliance audits, and cross-team engineering reviews.
- Mentor junior engineers and support knowledge transfer across the SOC.
Qualifications
- Minimum of 7+ years administering, engineering, or architecting enterprise logging or SIEM solutions in large-scale environments.
- Minimum of 5+ years hands-on experience as a senior SIEM engineer or administrator within Federal or enterprise SOC environments.
- Experience supporting Windows and Linux logging ecosystems, cross-platform log ingestion, and distributed system integrations.
- Experience with interconnected, heterogeneous enterprise systems and cloud environments (AWS, Azure).
- Demonstrated experience with log parsing, normalization, field extraction, data mapping, and ingestion pipeline troubleshooting.
- Strong networking background, including TCP/IP, DNS, HTTP/S, VPN, encryption, and certificate management.
- Experience supporting or integrating with automation/orchestration frameworks.
- Experience producing technical documentation, diagrams, and operational runbooks.
Education
- Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field.
Certifications
Required (one of the following):
- Certified Splunk Architect II (priority)
- Splunk Certified Admin/Engineer (if Architect-level is in progress)
Preferred:
- CISSP
- Security+
- Cloud provider certifications (AWS, Azure)
Clearance
- Must be able to obtain/maintain a Tier 5 (T5) investigation. CBP CSD may add TS or TS/SCI requirements on a case-by-case basis.
Working Conditions
- Normal office conditions with potential to perform duties in various CONUS locations
- Core hours of operation are Monday through Friday, 0600 - 1700.
- May be requested to work evenings and weekends to meet program and contract needs.
Additional Information
Work Environment
- Work hybrid/on-site as required.
- Normal office conditions with potential to perform duties in CONUS locations.
- Core hours of operation are Monday through Friday, 0600 - 1700.
- May be requested to work evenings and weekends to meet program and contract needs.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.
group id: 10237746
