SIEM Analyst

Ryan Consulting Group, Inc

Posted today
Secret
Unspecified
Unspecified
(On-Site/Office)

Summary

Ryan Consulting Group, Inc. is seeking a first-shift SIEM Analyst with an ACTIVE Secret Clearance. This position is hybrid, 3 days on-site and 2 days remote.

The SIEM Analyst is responsible for supporting the management, optimization, and continuous monitoring of Security Information and Event Management (SIEM) systems within Department of Defense (DoD) environments. This role focuses on reviewing, validating, and optimizing SIEM log sources, rule configurations, and system deployment metrics to ensure comprehensive and efficient threat detection.

The SIEM Analyst will collaborate with cybersecurity teams to develop processes and Standard Operating Procedures (SOPs) for effective SIEM log management, incident detection, and threat response. This position requires strong analytical skills, attention to detail, and a proactive approach to SIEM management and improvement. The ideal candidate will have experience with log analysis, configuration validation, and the identification of security misconfigurations in a SIEM environment.

Responsibilities

Develop and Document SIEM Processes and SOPs:

  • Assist in developing and documenting a process and SOP for the regular review and validation of SIEM logs and sources.
  • Define procedures for identifying SIEM misconfigurations, evaluating SIEM rules, and generating reports on system deployment metrics such as active log source counts, log types, entities, and rules reviewed or modified.


SIEM Log Source Review:

  • Regularly review and validate SIEM log sources in collaboration with cybersecurity experts to build or update asset profiles. Use these profiles to assess system risk and criticality, leveraging data from Mission Assurance, Configuration Management Database (CMDB), and other resources.


Establish and Maintain SIEM Log Review Schedules:

  • Implement and manage a regular schedule for reviewing SIEM logs based on system sensitivity and risk profiles. Perform reviews daily, weekly, or monthly, depending on the system's criticality.
  • Conduct weekly SIEM log reviews, focusing on identifying unusual system behavior, deviations from established baselines, and configuration changes.


Incident Reporting and Collaboration:

  • Monitor and relay any anomalous or potentially malicious activity detected in the SIEM to Cyber Operations (Cyber Ops) Analysts.
  • Provide timely communication and findings to cybersecurity leadership to ensure prompt action on security issues.


Continuous SIEM Rule Assessment:

  • Conduct regular evaluations of SIEM rules to ensure their effectiveness in identifying potential security threats. Review 10-15 SIEM signatures monthly to ensure they are relevant and effective.
  • Work with ISSM, ISO, and Cyber Ops Analysts to identify SIEM rules that need optimization to improve threat detection accuracy and reduce false positives.


Log Source Configuration Validation:

  • Validate the configuration of log sources to ensure that all relevant security data is collected, ingested, and processed by the SIEM. Identify any missing or misconfigured log sources and create incidents (IRs) to assign these to the SIEM team for resolution.


Documentation and Reporting:

  • Maintain detailed documentation on SIEM configurations, rule assessments, and incident reports.
  • Generate and present reports with system deployment metrics to cybersecurity leadership, focusing on log source counts, rule modifications, and overall SIEM performance.


Requirements

  • ACTIVE Secret Security Clearance.
  • 3-5 years of experience in cybersecurity or a related role, with hands-on experience managing SIEM systems.
  • Strong understanding of log analysis, rule-based threat detection, and incident response processes.
  • Familiarity with DoD cybersecurity policies and standards, including experience working with SIEM tools in a defense environment.


Skills

  • Proficiency with SIEM tools such as Splunk, ArcSight, LogRhythm or QRadar, and familiarity with DoD-specific implementations.
  • Strong understanding of network security, log source validation, and rule-based threat detection.
  • Strong verbal and written communication skills, with the ability to collaborate with both technical and non-technical stakeholders.
  • Experience preparing and delivering reports and presentations on SIEM performance and security incidents.
  • Ability to think analytically and make data-driven decisions to optimize SIEM configurations and rule effectiveness.


Education

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).


Certifications

Must possess one or more of the following IASAE Level II certifications:

  • CASP+ CE
  • CISSP (or Associate)
  • CSSLP


Statements

Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group, Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.

Ryan Consulting Group, Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process, please contact humanresources@consultrcg.com.

Drug-Free Workplace Statement

Ryan Consulting Group, Inc. is committed to maintaining a drug-free workplace, in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.

Pay Transparency Statement

Ryan Consulting Group, Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.
group id: RTL58543
Clearance Level
Secret