Job Requirements
Alexandria, VA
Top Secret Polygraph not specified
Mid Level Career (5+ yrs experience)
Salary not specified
Job Description
Position Title: Lead SIEM Engineer/Analyst - Splunk
Location: Alexandria, VA (Mark Center)
ASE is seeking a Lead SIEM Engineer/Analyst – Splunk to support one of our federal government clients. The successful candidate MUST possess an active Secret or Top Secret security clearance and have experience supporting enterprise-wide log management, security event monitoring, and compliance initiatives using the Splunk platform. The position is a TEMPORARY hybrid role, requiring onsite presence 3 days a week at our main customer location in Alexandria, Virginia, as required.
Responsibilities:
• Log Source Validation & Compliance Alignment
◦ Ensure log review SOPs align with STIG and organizational requirements.
◦ Validate log generation, storage, and security configurations across systems.
◦ Confirm system clocks are synchronized to ZULU time for consistent timestamping.
• Log Review & Anomaly Detection
◦ Perform regular analysis of log data to identify anomalies, misconfigurations, or potential threats.
◦ Document findings and escalate suspicious activity to incident response teams.
• SIEM Integration & Data Feed Management
◦ Integrate DHRA and third-party data feeds into the Splunk SIEM platform.
◦ Deploy and maintain loggers, connectors, and event collectors to ensure data continuity.
• Alerting, Correlation & Use Case Development
◦ Develop and tune correlation rules, filters, and alerts to detect significant security events.
◦ Create and maintain use cases to support threat detection and compliance monitoring.
• System Maintenance & Component Deployment
◦ Deploy and upgrade Splunk components including ESM, SOAR, and UBA modules.
◦ Coordinate with IT operations and program managers for system modifications and downtimes.
• Log Retention, Rotation & Archival Oversight
◦ Monitor log rotation and archival processes to ensure compliance with retention policies.
◦ Conduct regular checks on storage capacity and automate log lifecycle management.
• Security Event Analysis & Trend Monitoring
◦ Conduct in-depth analysis of network, system, and application logs.
◦ Identify trends, detect intrusions, and support forensic investigations.
• Collaboration & Continuous Improvement
◦ Work with stakeholders to refine logging strategies and respond to audit findings.
◦ Recommend improvements based on policy changes, technology updates, and security needs.
Required Qualifications:
• Clearance:
◦ For candidates possessing a security clearance: an active Secret or Top Secret.
• This position requires the successful applicant to obtain and maintain the required security clearance or other authorization(s) within the necessary timeframe required by applicable contract(s).
• Active DoD 8570 IAT Level III certification (Security+ CE, CISSP, etc.) and relevant Computing Environment certification.
• 8+ years in cybersecurity operations, with specific expertise in Splunk and UBA and SOAR technologies.
• 5+ years of experience with an enterprise logging and Security Information and Event Management (SIEM) solution, to include log collection, management, correlation, aggregation, ingestion, parsing, and use case, dashboard, and trigger development.
• This is a hybrid position (3 days per week onsite) in Alexandria, Virginia, as required.
• Ability to support cybersecurity reviews and SOP development and maintenance, including assisting in the generation of security artifacts such as security plans, POA&Ms, and security CONOPS.
• Splunk Training and Certification:
◦ Core Certified Power User (must have)
◦ Splunk Enterprise Security Certified Admin
◦ Splunk Certified Cybersecurity Defense Analyst
◦ Splunk Certified Architect
group id: RTL73977