HHS SIEM Engineer

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a SIEM Engineer to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Technology Computer Science or related discipline.
Minimum 69 years of experience administering enterprise SIEM and logging platforms.
Handson experience with Splunk Enterprise and Splunk Enterprise Security.
Strong understanding of log management detection engineering and SOC operations.
Experience integrating cloud endpoint network and application logs.
Knowledge of NIST SP 80092 NIST SP 800137 NIST SP 80053 and federal logging requirements.
Experience supporting audits investigations and compliance reporting.
Strong written and verbal communication skills.
Splunk Enterprise Certified Architect Splunk Enterprise Certified Administrator GCED GCIA or CISSP

Duties:

Administer and maintain a complex hybrid SIEM and logging infrastructure across onpremises IaaS PaaS SaaS and multicloud environments.
Ensure SIEM operations comply with OMB M2131 logging requirements including log categories retention and accessibility.
Perform data onboarding for new log sources including servers applications databases network devices cloud services and security tools.
Integrate SOC tools with the SIEM to enable automation enrichment and workflow orchestration.
Develop maintain and optimize SIEM correlation searches detection use cases and alerting rules.
Build and maintain dashboards reports and adhoc searches for SOC analysts ISSOs auditors and leadership.
Monitor data accuracy parsing integrity timestamp normalization and log completeness.
Optimize SIEM performance including ingestion rates indexing efficiency storage utilization and search response times.
Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
Develop and maintain SIEM applications addons and custom content as required.
Integrate threat intelligence feeds to enrich alerts and support advanced detection.
Support incident response workflows by ensuring SIEM integration with ticketing and SOAR platforms.
Support audit and assessment requests by providing SIEM evidence logs and compliance dashboards.
Document SIEM architectures workflows SOPs onboarding procedures and operational processes.
Update patch and maintain SIEM components in accordance with HHS and HRSA standards.
Collaborate closely with the Federal Logging and SIEM SME and SOC leadership.
Maintain an SLA of responding to SIEM support requests within two (2) business days.

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Technology Computer Science or related discipline.
Minimum 69 years of experience administering enterprise SIEM and logging platforms.
Handson experience with Splunk Enterprise and Splunk Enterprise Security.
Strong understanding of log management detection engineering and SOC operations.
Experience integrating cloud endpoint network and application logs.
Knowledge of NIST SP 80092 NIST SP 800137 NIST SP 80053 and federal logging requirements.
Experience supporting audits investigations and compliance reporting.
Strong written and verbal communication skills.
Splunk Enterprise Certified Architect Splunk Enterprise Certified Administrator GCED GCIA or CISSP

Duties:

Administer and maintain a complex hybrid SIEM and logging infrastructure across onpremises IaaS PaaS SaaS and multicloud environments.
Ensure SIEM operations comply with OMB M2131 logging requirements including log categories retention and accessibility.
Perform data onboarding for new log sources including servers applications databases network devices cloud services and security tools.
Integrate SOC tools with the SIEM to enable automation enrichment and workflow orchestration.
Develop maintain and optimize SIEM correlation searches detection use cases and alerting rules.
Build and maintain dashboards reports and adhoc searches for SOC analysts ISSOs auditors and leadership.
Monitor data accuracy parsing integrity timestamp normalization and log completeness.
Optimize SIEM performance including ingestion rates indexing efficiency storage utilization and search response times.
Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
Develop and maintain SIEM applications addons and custom content as required.
Integrate threat intelligence feeds to enrich alerts and support advanced detection.
Support incident response workflows by ensuring SIEM integration with ticketing and SOAR platforms.
Support audit and assessment requests by providing SIEM evidence logs and compliance dashboards.
Document SIEM architectures workflows SOPs onboarding procedures and operational processes.
Update patch and maintain SIEM components in accordance with HHS and HRSA standards.
Collaborate closely with the Federal Logging and SIEM SME and SOC leadership.
Maintain an SLA of responding to SIEM support requests within two (2) business days.