
Senior SIEM Engineer

RedMatter Solutions LLC
Posted 16 hours ago, valid for 8 days
Location

Washington, District of Columbia 20544, DC

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Description

We are seeking a Senior SIEM Engineer to design, engineer, and operate a Security Information and Event Management (SIEM) capability supporting classified enterprise environments. You will lead log onboarding and normalization, correlation/detection engineering, content tuning, dashboarding, and integration with security operations workflows to improve detection, response, and compliance outcomes.

Key Responsibilities

  • Engineer, administer, and optimize SIEM platforms (e.g., Splunk ES, QRadar, Elastic/Sentinel-like stacks where applicable) in high-security environments.
  • Lead end-to-end log onboarding: requirements gathering, data source integration (agents, syslog, APIs), parsing/field extraction, normalization (e.g., CIM-like models), and validation.
  • Develop and maintain detection content: correlation rules, searches/queries, alerts, notable events, risk scoring, and use-case mappings to threats/techniques.
  • Perform SIEM tuning to reduce false positives and improve fidelity: thresholding, suppression, whitelisting, enrichment, and baselining.
  • Build and maintain dashboards, operational metrics, and executive-level reporting (coverage, alert volume, MTTD/MTTR contributions, top detections, data health).
  • Implement data enrichment integrations (asset inventory, identity, vulnerability data, threat intel feeds) to improve investigation context.
  • Support SOC operations by assisting with triage, investigation, and incident response; create playbooks and analytical workflows aligned to operational procedures.
  • Ensure platform health and performance: index/storage planning, forwarder/collector management, retention, search performance, scaling, and HA/DR considerations.
  • Participate in change/configuration management: lab testing, implementation planning, validation steps, rollback plans, and documentation updates.
  • Support compliance requirements through audit-ready evidence, control implementation support, and continuous monitoring reporting.
  • Create and maintain technical documentation: data source catalogs, onboarding runbooks, parsing guides, detection engineering standards, and troubleshooting procedures.
  • Mentor junior engineers/analysts and standardize content development practices (templates, peer review, release management for detections).

Requirements

Required

  • Active Top Secret clearance (required).
  • 8+ years of cybersecurity engineering experience with 4+ years focused on SIEM engineering/administration in enterprise environments.
  • Strong proficiency with SIEM query languages and content development (e.g., SPL, AQL, KQL/ES DSL equivalents) and detection engineering methodology.
  • Proven experience integrating common log sources: Windows event logs, Linux audit/syslog, network/security devices (firewalls, IDS/IPS, proxies), EDR, authentication/IdP, DNS, email, cloud logs (as applicable).
  • Experience with log parsing/normalization, data quality validation, and troubleshooting ingestion pipelines (collectors, forwarders, agents).
  • Understanding of attacker tactics/techniques and how to translate them into detections (e.g., MITRE ATT&CK mapping).
  • Working knowledge of vulnerability management, asset/CMDB data, and identity context to support enrichment and investigations.
  • Strong operational discipline in incident/change processes, documentation, and working under time pressure.

Preferred

  • Platform-specific certifications (preferred): Splunk Core/Power User/Admin/ES, IBM QRadar certs, Elastic certs, or equivalent.
  • Experience integrating SOAR platforms and automations (e.g., Phantom, XSOAR, Swimlane) and building automated response workflows.
  • Familiarity with EDR platforms and telemetry (e.g., Defender for Endpoint, CrowdStrike, Carbon Black) and building detections using endpoint events.
  • Experience with scripting/automation (Python, PowerShell, Bash) to support data onboarding, enrichment, and content deployment.
  • Knowledge of STIG/SRG hardening, RMF/ATO environments, and audit support in classified settings.
  • Experience building/operating SIEM in segmented or multi-enclave architectures.
