Posted today
Top Secret
IT - Security
Doral, FL (On-Site/Office)
MANTECH seeks a motivated, career and customer-oriented Senior Security Information and Event Management Engineer to join our team in Doral, FL.
Responsibilities include but are not limited to:
- Designing, deploying, maintaining, and upgrading the SIEM infrastructure, which can include components like indexers, forwarders, and data collectors.
- Onboarding new data sources by collecting, parsing, and normalizing logs from various systems like firewalls, servers (Windows, Linux), network devices, and cloud platforms.
- Creating and fine-tuning correlation rules, alerts, dashboards, and reports to detect security threats and provide valuable insights to the security team. This is a critical function to identify anomalies and potential attack patterns.
- Developing scripts (often in Python or PowerShell) to automate tasks, streamline workflows, and enhance the SIEM's capabilities. This includes optimizing search queries and tuning rules to reduce false positives.
- Serving as the subject matter expert for the SIEM platform, troubleshooting, resolving technical issues, and ensuring the continuous flow and quality of data.
- Working closely with SOC analysts, incident response teams, and IT operations to understand their needs, improve detection capabilities, and support investigations.
Minimum Qualifications:
- BA/BS in a field necessary to assume Senior Security Information and Event Management Engineer duties, or a minimum of 9 years of relevant experience.
- High School and 4 years of additional experience, or an Associate's Degree and 2 years of additional experience, may be exchanged in lieu of a required Bachelor's degree.
- A candidate holding a relevant Master's degree may be granted 2 years' experience credit for that extra education. A candidate holding a relevant PhD degree may be granted 4 years' experience credit for that extra education.
- Hands-on experience with major SIEM solutions including Splunk, Microsoft Sentinel, IBM QRadar, LogRhythm, and Elastic SIEM.
- Proficiency in languages like Python, PowerShell, or Bash is often required for automation, data parsing, and API integration.
Desired Qualifications:
- Certifications are highly valued. Common ones include: CISSP, CISM, GIAC/SANS certifications, and platform-specific credentials from vendors like Splunk, Microsoft, or IBM.
- Experience at a DoD Combatant Command (e.g., SOUTHCOM, NORTHCOM, CENTCOM, CYBERCOM, INDOPACOM, EUCOM, AFRICOM, STRATCOM, TRANSCOM, SOCOM, SPACECOM) or a component is desired.
Clearance Requirements:
- Must have a current/active Top Secret clearance. Must be able to obtain and maintain SCI access.
Physical Requirements:
- Must be able to remain in a stationary position 50% of the time.
- Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
- Frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.