Jobs · himalayas
Senior SIEM Engineer
Meridian Softworks · United States · Posted 22d ago
About the role
Lead the design and deployment of the SIEM platform for the Security Operations Center.
Position Description Meridian Softworks is seeking a Senior SIEM Engineer to join our rapidly growing and innovative cybersecurity team! The Senior SIEM Engineer serves as the technical lead for the design, deployment, tuning, and sustainment of the enterprise Security Information and Event Management (SIEM) platform that supports the client's Security Operations Center (SOC). This role owns the health and performance of the SIEM environment that ingests logs and telemetry across endpoint, network, cloud, operating system, and application layers, and feeds the 24x7x365 monitoring mission. Working alongside SOC analysts, threat hunters, engineering teams, and the client's stakeholders, the Senior SIEM Engineer translates detection requirements into production-ready content, integrates the SIEm with SOAR, EDR, CDM, and identity platforms, and builds the dashboards, correlation searches, and data models that allow Tier 1 through Tier 3 analysts to triage, investigate, and respond to threats within the client's's contractual timeframes. The position requires deep, hands-on SIEM expertise, strong cloud and federal cybersecurity context, and the judgment to balance ingest costs, data quality, detection coverage, and compliance with OMB M-26-14, NIST SP 1000-53 NIST SP 1000-61 and NIST SP 1000-137. Named one of the Best Places to Work in the Washington DC area for 12 consecutive years , Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now! Location: Remote, ideally in the Washington, DC Metro Area. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, and applicants must be able to successfully pass a federal background investigation . Required Experience: Eight or more years of cybersecurity engineering experience, with at least five years dedicated to SIEM architecture, administration, and content development. Hands-on experience designing and operating distributed SIEM deployments at enterprise scale, including indexer clusters, search head clusters, heavy and universal forwarders, deployment servers, and license management. Demonstrated experience writing, tuning, and optimizing queries, correlation searches, data models, accelerated summaries, lookups, and macros. Working knowledge of security focused SIEM components, including notable event framework, risk-based alerting, asset and identity frameworks, and adaptive response actions. Experience in onboarding diverse data sources at scale, including operating system logs, network flow and packet data, cloud platform logs (AWS CloudTrail, GuardDuty, VPC Flow, Config), endpoint telemetry, application logs, and identity provider logs. Experience integrating SIEM with SOAR platforms, Endpoint Detection and Response tools, Continuous Diagnostics and Mitigation (CDM) data feeds, vulnerability management platforms, and ticketing systems such as ServiceNow. Working knowledge of AWS GovCloud services and the design patterns used to forward, normalize, and secure log data from cloud-native sources. Familiarity with the MITRE ATT&CK framework and experience translating adversary techniques into SIEM detection content. Working knowledge of NIST SP 1000-53 NIST SP 1000-61 and NIST SP 1000-137 and the ability to map SIEM controls and continuous monitoring practices to those frameworks. Experience supporting incident response activities, including building investigation dashboards, preserving log evidence, and producing artifacts for post-incident reporting. Strong scripting and automation skills in at least one of Python, Bash, or PowerShell, and comfort with version control using Git. Beneficial Splunk certifications: Splunk Core Certified Power User and Splunk Enterprise Certified Admin. Splunk Certified Architect, Splunk Enterprise Security Certified Admin, or Splunk Core Certified Consultant is strongly preferred. Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance at the Tier 4/6c level. Strong written and verbal communication skills, with the ability to brief technical findings to SOC leadership, ISSOs, and senior Government officials. Responsibilities: Lead the architecture, deployment, upgrade, and sustainment of the SIEM environment supporting the client's SOC, including indexer and search head clusters, forwarders, and supporting infrastructure. Monitor SIEM platform health, license usage, indexing latency, search performance, and ingest rates, and proactively address capacity, performance, and availability issues. Onboard new data sources by defining requirements, configuring inputs and forwarders, building parsing and field extractions, and validating Common Information Model (CIM) compliance. Develop, tune, and maintain
Read the full posting on himalayas →
FAQ
Is the Senior SIEM Engineer role at Meridian Softworks remote?+
This Senior SIEM Engineer position is listed as remote (United States).
What is the salary for the Senior SIEM Engineer role at Meridian Softworks?+
The listing states Estimated 93k-215k USD.
What seniority level is this Senior SIEM Engineer role?+
This is a senior level position.
How do I apply for the Senior SIEM Engineer role at Meridian Softworks?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Meridian Softworks.