Lead SIEM Engineer with Security Clearance

August Schell Enterprises
Alexandria, Virginia 22350 United States
Posted: May 30, 2026
  • Full Time
  • Federal Government
  • Summary

    Position Title: Lead SIEM Engineer/Analyst - Splunk
    Location: Alexandria, VA (Mark Center)

    ASE is seeking a Lead SIEM Engineer/Analyst – Splunk to support one of our federal government clients. The successful candidate MUST possess an active Secret or Top Secret security clearance and have experience supporting enterprise-wide log management, security event monitoring, and compliance initiatives utilizing the Splunk platform. The position is a TEMPORARY hybrid arrangement, requiring onsite presence three days a week at our main customer location in Alexandria, Virginia, as required.

    Responsibilities:
    • Log Source Validation & Compliance Alignment
      ◦ Ensure log review SOPs align with STIG and organizational requirements.
      ◦ Validate log generation, storage, and security configurations across systems.
      ◦ Confirm system clocks are synchronized to ZULU time (UTC) for consistent timestamping.
    • Log Review & Anomaly Detection
      ◦ Perform regular analysis of log data to identify anomalies, misconfigurations, or potential threats.
      ◦ Document findings and escalate suspicious activity to incident response teams.
    • SIEM Integration & Data Feed Management
      ◦ Integrate DHRA and third-party data feeds into the Splunk SIEM platform.
      ◦ Deploy and maintain loggers, connectors, and event collectors to ensure data continuity.
    • Alerting, Correlation & Use Case Development
      ◦ Develop and tune correlation rules, filters, and alerts to detect significant security events.
      ◦ Create and maintain use cases to support threat detection and compliance monitoring.
    • System Maintenance & Component Deployment
      ◦ Deploy and upgrade Splunk components including ESM, SOAR, and UBA modules.
      ◦ Coordinate with IT operations and program managers for system modifications and downtimes.
    • Log Retention, Rotation & Archival Oversight
      ◦ Monitor log rotation and archival processes to ensure compliance with retention policies.
      ◦ Conduct regular checks on storage capacity and automate log lifecycle management.
    • Security Event Analysis & Trend Monitoring
      ◦ Conduct in-depth analysis of network, system, and application logs.
      ◦ Identify trends, detect intrusions, and support forensic investigations.
    • Collaboration & Continuous Improvement
      ◦ Work with stakeholders to refine logging strategies and respond to audit findings.
      ◦ Recommend improvements based on policy changes, technology updates, and security needs.

    Required Qualifications:
    • Clearance:
      ◦ For candidates possessing a security clearance: an active Secret or Top Secret.
      ◦ This position requires the successful applicant to obtain and maintain the required security clearance or other authorization(s) within the timeframe required by applicable contract(s).
    • Active DoD 8570 IAT Level III certification (Security+ CE, CISSP, etc.) and relevant Computing Environment certification.
    • 8+ years in cybersecurity operations, with specific expertise in Splunk, UBA, and SOAR technologies.
    • 5+ years of experience with an enterprise logging and Security Information and Event Management (SIEM) solution, including log collection, management, correlation, aggregation, ingestion, parsing, and use case, dashboard, and trigger development.
    • This is a hybrid (three days per week onsite) position in Alexandria, Virginia, as required.
    • Ability to support cybersecurity reviews and SOP development and maintenance, including assisting in the generation of security artifacts such as security plans, POA&Ms, and security CONOPS.
    • Splunk training and certification:
      ◦ Splunk Core Certified Power User (must have)
      ◦ Splunk Enterprise Security Certified Admin
      ◦ Splunk Certified Cybersecurity Defense Analyst
      ◦ Splunk Certified Architect
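The clock-synchronization duty listed under Log Source Validation can be verified from the collector side as well as on each host. The following is an added example, not tooling from August Schell Enterprises or the customer: it parses a handful of constructed log lines, normalizes their leading timestamps to UTC, and flags sources that emit no timezone designator (plain RFC 3164 syslog), emit a non-Zulu offset, or drift from the collector's receive time by more than an assumed 300-second tolerance. The host names, sample records, and tolerance are all assumptions made for the example.

```python
"""Timestamp-skew check over constructed log samples (added example).

Flags log sources whose event timestamps are not expressed in UTC ("Zulu")
or drift from the collector's receive time beyond a tolerance. The records
below and the 300-second tolerance are assumptions, not data from any
real deployment.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample records: (source host, raw event line, UTC receive
# time stamped by the collector). Hosts and content are invented.
SAMPLE_RECORDS = [
    ("web01", "2026-05-30T14:02:11Z sshd[2201]: Accepted publickey for svc from 10.0.0.5",
     "2026-05-30T14:02:12Z"),
    ("db02", "2026-05-30T10:02:10-04:00 postgres[881]: connection authorized: user=app",
     "2026-05-30T14:02:12Z"),
    ("fw03", "2026-05-30T13:47:09Z pf: block in on em0: 203.0.113.9 -> 10.0.0.7",
     "2026-05-30T14:02:12Z"),
    ("dc04", "May 30 14:02:11 dc04 Microsoft-Windows-Security-Auditing: 4624 Logon",
     "2026-05-30T14:02:12Z"),
]

# ISO 8601 with an explicit designator ("Z" or a numeric offset).
ISO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?)(Z|[+-]\d{2}:\d{2})")
# RFC 3164 syslog header: month, day, time; no year and no zone.
SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")


@dataclass(frozen=True)
class Finding:
    host: str
    status: str               # "ok", "skew", "non_utc", "ambiguous", "unparsed"
    skew_seconds: float | None


def parse_event_time(line: str, received: datetime) -> tuple[datetime | None, str]:
    """Return (timezone-aware event time or None, designator text).

    The designator is "Z", a numeric offset, or "" when the format carries
    no zone at all, which is the case the review SOP should catch.
    """
    m = ISO_RE.match(line)
    if m:
        body, designator = m.groups()
        offset = "+00:00" if designator == "Z" else designator
        return datetime.fromisoformat(body + offset), designator
    m = SYSLOG_RE.match(line)
    if m:
        # RFC 3164 has neither year nor zone: borrow the collector's year and
        # *assume* UTC so a skew can still be estimated; the caller reports
        # this source as ambiguous regardless of the number.
        mon, day, hms = m.groups()
        naive = datetime.strptime(f"{received.year} {mon} {int(day):02d} {hms}",
                                  "%Y %b %d %H:%M:%S")
        return naive.replace(tzinfo=timezone.utc), ""
    return None, ""


def check_records(records, tolerance: timedelta = timedelta(seconds=300)) -> list[Finding]:
    """Classify each record against the Zulu-timestamp and clock-skew policy."""
    findings: list[Finding] = []
    for host, line, received_iso in records:
        received = datetime.fromisoformat(received_iso.replace("Z", "+00:00"))
        event, designator = parse_event_time(line, received)
        if event is None:
            findings.append(Finding(host, "unparsed", None))
            continue
        skew = (received - event).total_seconds()
        if designator == "":
            status = "ambiguous"          # zone missing; skew figure is a guess
        elif abs(skew) > tolerance.total_seconds():
            status = "skew"               # clock drift beyond tolerance
        elif designator != "Z":
            status = "non_utc"            # unambiguous, but not emitted in Zulu
        else:
            status = "ok"
        findings.append(Finding(host, status, skew))
    return findings


if __name__ == "__main__":
    for f in check_records(SAMPLE_RECORDS):
        print(f"{f.host:6} {f.status:10} skew={f.skew_seconds}")
```

Sources reported as `ambiguous` need a format change at the source (RFC 5424 or an ISO 8601 timestamp with a designator) rather than a clock fix, since no amount of NTP tuning makes a zone-less timestamp unambiguous once it reaches the SIEM.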
  • ABOUT THE COMPANY

    • Government Careers

    Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

    Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

    Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.


Apply Now Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.