SIEM Analyst


Job Location: Smyrna, GA - USA

Monthly Salary: Not Disclosed
Posted on: 5 days ago
Vacancies: 1 Vacancy

Job Summary


Ryan Consulting Group Inc. is seeking a first-shift SIEM Analyst with an ACTIVE Secret Clearance. This position is hybrid: 3 days on-site and 2 days remote.


The SIEM Analyst is responsible for supporting the management, optimization, and continuous monitoring of Security Information and Event Management (SIEM) systems within Department of Defense (DoD) environments. This role focuses on reviewing, validating, and optimizing SIEM log sources, rule configurations, and system deployment metrics to ensure comprehensive and efficient threat detection.


The SIEM Analyst will collaborate with cybersecurity teams to develop processes and Standard Operating Procedures (SOPs) for effective SIEM log management, incident detection, and threat response. This position requires strong analytical skills, attention to detail, and a proactive approach to SIEM management and improvement. The ideal candidate will have experience with log analysis, configuration validation, and the identification of security misconfigurations in a SIEM environment.


Responsibilities


Develop and Document SIEM Processes and SOPs:

  • Assist in developing and documenting a process and SOP for the regular review and validation of SIEM logs and sources.
  • Define procedures for identifying SIEM misconfigurations, evaluating SIEM rules, and generating reports on system deployment metrics such as active log source counts, log types, entities, and rules reviewed or modified.

SIEM Log Source Review:

  • Regularly review and validate SIEM log sources in collaboration with cybersecurity experts to build or update asset profiles. Use these profiles to assess system risk and criticality, leveraging data from Mission Assurance Configuration Management Database (CMDB) and other resources.

Establish and Maintain SIEM Log Review Schedules:

  • Implement and manage a regular schedule for reviewing SIEM logs based on system sensitivity and risk profiles. Perform reviews daily, weekly, or monthly depending on the system's criticality.
  • Conduct weekly SIEM log reviews focusing on identifying unusual system behavior, deviations from established baselines, and configuration changes.

Incident Reporting and Collaboration:

  • Monitor and relay any anomalous or potentially malicious activity detected in the SIEM to Cyber Operations (Cyber Ops) Analysts.
  • Provide timely communication and findings to cybersecurity leadership to ensure prompt action on security issues.

Continuous SIEM Rule Assessment:

  • Conduct regular evaluations of SIEM rules to ensure their effectiveness in identifying potential security threats. Review 10-15 SIEM signatures monthly to ensure they are relevant and effective.
  • Work with ISSM, ISO, and Cyber Ops Analysts to identify SIEM rules that need optimization to improve threat detection accuracy and reduce false positives.

Log Source Configuration Validation:

  • Validate the configuration of log sources to ensure that all relevant security data is collected, ingested, and processed by the SIEM. Identify any missing or misconfigured log sources and create incidents (IRs) to assign these to the SIEM team for resolution.

Documentation and Reporting:

  • Maintain detailed documentation on SIEM configurations, rule assessments, and incident reports.
  • Generate and present reports with system deployment metrics to cybersecurity leadership, focusing on log source counts, rule modifications, and overall SIEM performance.


Requirements
  • ACTIVE Secret Security Clearance.
  • 3-5 years of experience in cybersecurity or a related role, with hands-on experience managing SIEM systems.
  • Strong understanding of log analysis, rule-based threat detection, and incident response processes.
  • Familiarity with DoD cybersecurity policies and standards, including experience working with SIEM tools in a defense environment.

Skills

  • Proficiency with SIEM tools such as Splunk, ArcSight, LogRhythm, or QRadar, and familiarity with DoD-specific implementations.
  • Strong understanding of network security, log source validation, and rule-based threat detection.
  • Strong verbal and written communication skills, with the ability to collaborate with both technical and non-technical stakeholders.
  • Experience preparing and delivering reports and presentations on SIEM performance and security incidents.
  • Ability to think analytically and make data-driven decisions to optimize SIEM configurations and rule effectiveness.

Education

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).

Certifications

Must possess one or more of the following IASAE Level II certifications:

  • CASP CE
  • CISSP (or Associate)
  • CSSLP

Statements


Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.

Ryan Consulting Group Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process, please contact


Drug-Free Workplace Statement

Ryan Consulting Group Inc. is committed to maintaining a drug-free workplace in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.


Pay Transparency Statement

Ryan Consulting Group Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.



Required Experience:

IC


Key Skills

  • ArcGIS
  • Intelligence Community Experience
  • GIS
  • Python
  • Computer Networking
  • Data Collection
  • Intelligence Experience
  • R
  • Relational Databases
  • Analysis Skills
  • Data Management
  • Application Development