Description & Requirements
Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first. At ManTech International, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.
We are seeking a highly skilled and motivated Senior Cyber Security SIEM Specialist to join our Network Operations Security Center (NOSC). The ideal candidate will be an expert in Security Information and Event Management (SIEM) systems, responsible for designing, implementing, and maintaining SIEM solutions to protect DHS's networks and information systems from cyber threats.
Responsibilities include, but are not limited to:
- Develop and implement the enterprise Security Information and Event Monitoring (SIEM) strategy and tool implementation via Splunk, design data flow diagrams and alert feed architectures to ensure seamless alert integration
- Develop and maintain SIEM architecture, including data sources, log management, and alerting mechanisms
- Configure tools, settings, alerts, and notifications to improve the enterprise security and resilience capabilities, including implementation of Security Orchestration and Automation for Response (SOAR) capabilities.
- Develop content for rule implementation on network border devices (firewalls, routers, switches, IDS/IPS, Taclanes, etc.)
- Monitor security events and alerts, conducting detailed analysis to identify potential security incidents
- Participates in response activities to all major enterprise outages
- Collaborate with incident response teams to investigate and remediate security incidents.
- Perform regular system health checks, maintenance, and upgrades to ensure SIEM performance and reliability
- Provide technical guidance and support to junior analysts and other team members
- Stay current with the latest SIEM technologies, cyber threats, and best practices
- Develop and deliver training sessions on SIEM tools and techniques for DHS staff
Basic Qualifications:
- A bachelor’s degree in computer science, information technology, cybersecurity, or a related field
- A minimum of (8) eight years of experience in cybersecurity with a focus on SIEM engineering and operations
- Proficiency with SIEM platforms (e.g., Splunk, Swimlane, ArcSight, QRadar, LogRhythm)
- Strong understanding of network protocols, system logs, and security event correlation
- Experience in developing and tuning SIEM use cases, correlation rules, and alerts
Preferred Qualifications:
- Relevant certifications, such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) -OR- SIEM specific certifications (e.g., Splunk Certified Power User)
- A master’s degree
- Experience working in a government or defense environment.
- Familiarity with DHS policies and procedures.
- Knowledge of broader cybersecurity frameworks (e.g., NIST, ISO 27001).
Clearance Requirements:
- Must be a U.S. citizen
- Must possess a Secret clearance
- Must to able to obtain and maintain a Top-Secret clearance
Physical Requirements:
Must be able to remain in a stationary position for extended periods of time.
Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.
Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer.
The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.