Senior SIEM Engineer at RedMatter Solutions
Washington, District of Columbia, United States - Full Time


Start Date

Immediate

Expiry Date

21 May, 26

Salary

0.0

Posted On

20 Feb, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

SIEM Engineering, Splunk ES, QRadar, Elastic, Sentinel, Log Onboarding, Normalization, Detection Engineering, Correlation Rules, Content Tuning, Dashboarding, SOC Operations, Platform Health, Change Management, Technical Documentation, Mentoring

Industry

Information Technology & Services

Description

We are seeking a Senior SIEM Engineer to design, engineer, and operate a Security Information and Event Management (SIEM) capability supporting classified enterprise environments. You will lead log onboarding and normalization, correlation/detection engineering, content tuning, dashboarding, and integration with security operations workflows to improve detection, response, and compliance outcomes.

Key Responsibilities

- Engineer, administer, and optimize SIEM platforms (e.g., Splunk ES, QRadar, Elastic/Sentinel-like stacks where applicable) in high-security environments.
- Lead end-to-end log onboarding: requirements gathering, data source integration (agents, syslog, APIs), parsing/field extraction, normalization (e.g., CIM-like models), and validation.
- Develop and maintain detection content: correlation rules, searches/queries, alerts, notable events, risk scoring, and use-case mappings to threats/techniques.
- Perform SIEM tuning to reduce false positives and improve fidelity: thresholding, suppression, whitelisting, enrichment, and baselining.
- Build and maintain dashboards, operational metrics, and executive-level reporting (coverage, alert volume, MTTD/MTTR contributions, top detections, data health).
- Implement data enrichment integrations (asset inventory, identity, vulnerability data, threat intel feeds) to improve investigation context.
- Support SOC operations by assisting with triage, investigation, and incident response; create playbooks and analytical workflows aligned to operational procedures.
- Ensure platform health and performance: index/storage planning, forwarder/collector management, retention, search performance, scaling, and HA/DR considerations.
- Participate in change/configuration management: lab testing, implementation planning, validation steps, rollback plans, and documentation updates.
- Support compliance requirements through audit-ready evidence, control implementation support, and continuous monitoring reporting.
- Create and maintain technical documentation: data source catalogs, onboarding runbooks, parsing guides, detection engineering standards, and troubleshooting procedures.
- Mentor junior engineers/analysts and standardize content development practices (templates, peer review, release management for detections).

Requirements

Required

- Active Top Secret clearance (required).
- 8+ years of cybersecurity engineering experience with 4+ years focused on SIEM engineering/administration in enterprise environments.
- Strong proficiency with SIEM query languages and content development (e.g., SPL, AQL, KQL/ES DSL equivalents) and detection engineering methodology.
- Proven experience integrating common log sources: Windows event logs, Linux audit/syslog, network/security devices (firewalls, IDS/IPS, proxies), EDR, authentication/IdP, DNS, email, cloud logs (as applicable).
- Experience with log parsing/normalization, data quality validation, and troubleshooting ingestion pipelines (collectors, forwarders, agents).
- Understanding of attacker tactics/techniques and how to translate them into detections (e.g., MITRE ATT&CK mapping).
- Working knowledge of vulnerability management, asset/CMDB data, and identity context to support enrichment and investigations.
- Strong operational discipline in incident/change processes, documentation, and working under time pressure.

Preferred

- Platform-specific certifications (preferred): Splunk Core/Power User/Admin/ES, IBM QRadar certs, Elastic certs, or equivalent.
- Experience integrating SOAR platforms and automations (e.g., Phantom, XSOAR, Swimlane) and building automated response workflows.
- Familiarity with EDR platforms and telemetry (e.g., Defender for Endpoint, CrowdStrike, Carbon Black) and building detections using endpoint events.
- Experience with scripting/automation (Python, PowerShell, Bash) to support data onboarding, enrichment, and content deployment.
- Knowledge of STIG/SRG hardening, RMF/ATO environments, and audit support in classified settings.
- Experience building/operating SIEM in segmented or multi-enclave architectures.
Responsibilities
The Senior SIEM Engineer will be responsible for designing, engineering, and operating the SIEM capability for classified enterprise environments, focusing on log onboarding, detection engineering, and integration with security operations workflows. Key duties include engineering and optimizing SIEM platforms, developing detection content, performing tuning to reduce false positives, and ensuring platform health and performance.