Posted today
Secret
Ashburn, VA (On-Site/Office)
Company Description
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
**This position is contingent upon contract award**
SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP's enterprise logging ecosystem across on-premises, cloud, and hybrid environments.
Responsibilities
- Lead architecture, engineering, configuration, and optimization of enterprise logging platforms supporting DHS SOC operations.
- Serve as the senior technical authority for SIEM engineering, log ingestion pipelines, parsing, data normalization, enrichment, and storage strategies.
- Oversee onboarding of new data sources, including application, endpoint, network, cloud, and authentication telemetry.
- Maintain and enhance log health monitoring, pipeline resiliency, and log integrity validation.
- Coordinate with SOC analysts, Threat Hunt, IR, CTI, and engineering teams to ensure logging coverage aligns with detection, investigation, and compliance requirements.
- Develop, maintain, and troubleshoot log ingestion processes, forwarders, collectors, and APIs.
- Support dashboard, correlation rule, and alerting development by ensuring high-quality data availability.
- Ensure compliance with CBP logging standards, federal logging mandates, and Zero Trust visibility requirements.
- Lead modernization initiatives involving automation, cloud logging integrations, and data optimization.
- Provide detailed technical reporting, architectural documentation, and data dictionaries.
- Support vulnerability assessments, compliance audits, and cross-team engineering reviews.
- Mentor junior engineers and support knowledge transfer across the SOC.
Qualifications
Experience
- Five (5) years of experience serving as a senior Certified Splunk Administrator or Architect.
- Understanding and practical experience in applying project management principles.
- Experience with interconnected, heterogeneous systems; strong understanding of industry standards and technologies with experience in the application supporting a Federal Government security operations organization.
- Experience in an enterprise IT environment as an applications or systems administrator working in Windows and Linux environments.
- Experience with Linux and/or Windows scripting languages and automation.
- Strong networking background.
- Strong security background.
- Experience with cloud orchestration tools and a strong understanding of Amazon Web Services cloud.
Certifications
One of the following (listed in preference)
- Certified Splunk Architect II
- CISSP
Clearance
- Secret (TS eligible).
Working Conditions
- Normal office conditions with potential to perform duties in various CONUS locations.
- Core hours of operation are Monday through Friday, 0600 - 1700.
- May be requested to work evenings and weekends to meet program and contract needs.
Additional Information
Work Environment
- Work hybrid/on-site as required.
- Normal office conditions with potential to perform duties in CONUS locations.
- Core hours of operation are Monday through Friday, 0600 - 1700.
- May be requested to work evenings and weekends to meet program and contract needs.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.