
Description
We provide advanced cybersecurity monitoring and engineering support to a wide range of government agencies through a multi-tenant MSS model. Our Security Operations Center (SOC) operates 24/7, leveraging Microsoft Sentinel as the core SIEM platform. However, we increasingly support hybrid and multi-cloud environments including AWS and Splunk, and we are seeking a cloud-savvy SIEM engineer to help us grow and maintain secure, scalable monitoring capabilities.
As a SOC SIEM/Cloud Engineer, you will serve as one of the primary engineers for multi-cloud SIEM operations in a managed security services environment. While Microsoft Sentinel remains our core SIEM platform, you will also support AWS-native security tooling and Splunk-based environments. This role emphasizes cross-cloud log ingestion, automation, and security detection engineering. Candidates must be self-directed, security-minded, and comfortable designing scalable monitoring strategies across diverse architectures.
This is a remote position, but Secret clearance eligibility is required to support future classified operations, as needed.
KEY RESPONSIBILITIES:
SIEM Operations & Cloud Integration
- Administer and optimize SIEM platforms including Microsoft Sentinel, Splunk, and AWS-native tools such as CloudWatch, CloudTrail, GuardDuty, and Security Hub.
- Manage log ingestion pipelines from hybrid, cloud, and containerized environments.
- Design alert rules, detection use cases, and enrichment pipelines using KQL, SPL, and JSON-based event structures.
Security Automation
- Build and maintain automation workflows using Azure Logic Apps, Splunk SOAR, and AWS Lambda/Step Functions.
- Integrate threat intelligence, reputation feeds, and context enrichment across cloud platforms.
- Partner with SOC analysts to streamline Tier 1–2 response efforts through smart automation.
Multi-Cloud Design & Support
- Act as the subject matter expert on cloud security logging and architecture for Azure, AWS, and hybrid environments.
- Advise customers and internal teams on best practices for telemetry, logging policy, and compliance alignment (e.g., FedRAMP, CJIS, NIST 800-53).
- Lead or support onboarding of cloud workloads including EC2, EKS, Lambda, Azure VMs, Kubernetes, and M365/GCC environments.
Qualifications
Required Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field
- 3–5+ years of SIEM engineering experience across multi-cloud environments (Azure, AWS)
- Hands-on experience with Microsoft Sentinel, AWS Security Services, and Splunk
- Experience creating alerts and detection rules in KQL, SPL, and JSON-based formats
- Familiarity with automation tools such as Logic Apps, Splunk SOAR, AWS Lambda, or Step Functions
- Strong scripting knowledge (PowerShell, Python, or Bash)
- Must be a U.S. citizen and clearable to the Secret level
Preferred Qualifications
- Active Secret clearance or higher
- Microsoft Certifications: SC-200, AZ-500
- AWS Certifications: Security Specialty, Solutions Architect Associate or Pro
- Splunk Certifications: Admin, Power User
- Experience with cloud container security (EKS, AKS, Kubernetes auditing)
- Experience in multi-tenant MSSP environments or government contracts
- Familiarity with large language models (LLMs), GenAI, or agentic AI frameworks for use in cybersecurity operations
What We Offer
- Fully remote work with flexibility and work-life balance
- Opportunity to contribute to classified operations with additional clearance
- Competitive compensation and benefits
- Training and certification assistance
- Stable, mission-driven cybersecurity work supporting state and federal government agencies
Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.