Senior SIEM Engineer
XOR Security, an Agile Defense Company, is currently seeking a talented Senior SIEM Engineer to support an Agency-level enterprise cyber program. To support this vital mission, XOR staff are at the forefront of providing advanced CND operations and security engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To support the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in security engineering and systems administration. The ideal candidate will have a solid understanding of the complexities related to cloud security, Operations and Maintenance (O&M), cloud brokering, and cloud infrastructure implementation.
Washington D.C., USA
*** Onsite once a week
Skills and Qualifications:
· Provide daily, ongoing operational support of Microsoft Sentinel, including assessing the security impact of proposed modifications, additions, and technology implementation/refresh operations.
· Maintain knowledge of industry trends in the threat landscape and translate them into the SIEM engineering function to help protect the client’s cyber assets.
· Thoroughly understand software installations, systems monitoring and troubleshooting, account management, and the overall effort to ensure uninterrupted log ingestion and threat detection.
· Think creatively to discover and support automation opportunities.
· Work extensively with multiple business units on log ingestion, data enrichment, and automation via the SIEM/SOAR platform.
· Provide support when needed to the incident response, threat hunting, and threat intelligence teams.
· Act as an escalation point for other engineers and analysts on the team for content development, integrations, and log analysis troubleshooting.
· Develop and document configuration standards, policies, and procedures for operating, managing, and ensuring the security of the SIEM infrastructure.
· Participate and contribute actively in team meetings and the Agile engineering process.
· Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or a similar field.
· 7 years of SIEM (Security Information and Event Management) experience (Splunk, Sentinel, ELK, QRadar, ArcSight, Datadog, or equivalent).
· Strong knowledge of any of the following structured query languages: SPL, KQL, SQL, AQL.
· Experience performing content development / detection engineering.
· At a minimum, a Splunk (Admin or Architect), Azure SC-200, or CompTIA CASP+ certification.
· U.S. Citizen.
· Bonus: experience working in an Agile engineering environment.
· Bonus: experience with cloud security technologies, including but not limited to the Microsoft Azure security stack (Microsoft Defender for Cloud, Microsoft Intune, Exchange Online Protection, Microsoft Graph), CrowdStrike, and Palo Alto GlobalProtect.
XOR Security, an Agile Defense Company, offers a very competitive benefits package, including health insurance coverage from the first day of employment, a 401k with a vested company match, vacation, and supplemental insurance benefits.
XOR Security, an Agile Defense Company, is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement: Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.