Cybersecurity Operations Specialist -SIEM Services (Evergreen)
Job Description
This role focuses on designing, deploying, and sustaining SIEM capabilities and analytics for mission partners, onboarding IT resources, and ensuring proper routing of audit events.
Responsibilities
- Provide preventive and corrective maintenance to keep services secure, reliable, and available, including vendor RMA handling, disposal of failed equipment/software, installation and testing of new assets, and configuring new hardware/software.
- Maintain system availability and reliability at a target uptime of 99.99%.
- Identify and open tickets for degradations in SIEM data flows within 60 minutes of detection.
- Conduct routine and vendor-recommended maintenance aligned with approved change management; maintain documentation, change logs, and service bulletin libraries in the CSOC knowledge base.
- Lead emergency maintenance with urgency to minimize outages, with government approval and coordination through CSOC and ESC management.
- Execute development, engineering, testing, integration, and deployment actions for major vendor revisions.
- Carry out continuous engineering assessments to improve performance, effectiveness, coverage, and maturity of the service.
- Document instances of loss or gaps in event logs and address gaps as appropriate.
- Configure all service assets within the Government Furnished Information - Software Tools list in accordance with applicable federal, DoD, IC, and NCE laws and policies.
- Perform full integration and interoperability work across assets, ensuring data flows are properly parsed for ingestion and transmission to internal and external reporting systems (for example DoDIN, DoD Scorecard/Get to Green, IC CIO reporting).
- Use agency-approved ticketing systems to document, track, assign, update, and coordinate engineering, integration, configuration, and maintenance actions.
- Leverage monitoring, analysis, and visualization tools to track effectiveness, status, and performance metrics as required by government staff and contractors.
Requirements
- SIEM experience with ArcSight, ElasticSearch, Splunk, Event Broker, or User Behavioral Analytics (UBA).
- Experience supporting the Cybersecurity Operations Cell (CSOC) in creating alerting rules.
- Ability to create SIEM playbooks.
- Linux (RHEL) expert with administration and engineering proficiency.
- Proficiency in tuning SIEM filters to detect malicious or atypical activity while reducing false positives.
- Experience developing content within ArcSight and Kibana to aid analysts investigating incidents.
- Creation of ArcSight rules based on malicious-event use cases.
- Ability to tune and aggregate queries and filters.
- Strong troubleshooting skills for event flow through the Enterprise Audit infrastructure.
- Proficiency in troubleshooting event formats and parsing for ingestion into storage and SIEM tools.
- Active TS/SCI clearance.
- DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications.
- Minimum 6+ years of experience with SIEM and development projects.
- At least 6+ years supporting SIEM for projects and technical exchange meetings.
- Over 6+ years developing and maintaining enterprise audit projects.
Technologies
- ArcSight
- ElasticSearch
- Splunk
- Event Broker
- User Behavioral Analytics (UBA)
- Kibana
- Linux (RHEL)
- Joint Incident Management System (DoDIN)
- DoD Scorecard / Get to Green reporting
- Cybersecurity Performance Evaluation Model reporting
Work Requirements
- 6+ years of related experience
- Experience may vary based on technical training, certifications, or degree
Location
- St. Louis, MO (onsite)
Citizenship
- U.S. Citizenship Required
Salary and Benefits
- Salary range: $128,039 – $173,229 per year
- Salary is determined by experience, geographic location, and contractual requirements; it may fall outside the stated range
- View information about benefits and the total rewards program
Identity Verification
As part of the hiring process, an identity verification step that uses biometrics and AI may be required to confirm authenticity and prevent fraud. Virtual interviews may require on-camera participation, and biometric data may be collected for identity verification and security purposes.
About Our Work
We are GDIT, a global technology and professional services company delivering solutions and mission services to the U.S. government, defense, and intelligence communities. With about 26,000 experts, we operate across more than 50 countries, focusing on AI, cloud, cyber, and software development to drive immediate value for our clients.