Security Engineer III, SIEM Engineer (Secret Clearance)
Job Description
Deloitte's Cyber Defense and Resilience team is seeking a Security Engineer III, SIEM Engineer to join a security operations program that emphasizes robust detection, rapid incident analysis, and content-focused improvements across large-scale environments. This role is based in Arlington, Virginia with optional remote work and requires an active Secret Clearance. The position offers a competitive salary range and the opportunity to work with leading SIEM technologies in a federal-enabled environment.
The following details outline the core responsibilities, requirements, technology stack, and benefits associated with the role.
Responsibilities
- Configure, maintain, and optimize SIEM content, including correlation rules, alerts, dashboards, and reports
- Analyze security events and log data to identify suspicious activity, support investigations, and improve detection coverage
- Integrate and normalize log sources from endpoint, network, cloud, identity, and security platforms
- Partner with cybersecurity teams to support use case development, threat detection, incident triage, and response activities
- Document detection logic, operational procedures, and monitoring requirements to support consistent service delivery
Requirements
- Bachelor's degree in computer science, Cybersecurity, Information Technology, Engineering, or related technical field
- Active Secret Clearance
- 3+ years of experience in cybersecurity, security operations, or SIEM engineering
- 3+ years of experience with at least one of the following: Splunk, Palo Alto XSIAM, or Crowdstrike NG SIEM
- Experience creating, tuning, and maintaining correlation searches, alerts, dashboards, and reports in a SIEM platform
- Experience reviewing and analyzing logs from endpoint, network, cloud, identity, and application sources
- Security certification such as Splunk certification, Palo Alto Networks certification, or CrowdStrike certification is required
- Ability to travel up to 20% on average based on client needs
- Willingness to work at client onsite or Deloitte office up to 5 days a week
- Legally authorized to work in the United States without the need for employer sponsorship now or in the future
Technologies
- Splunk
- Palo Alto XSIAM
- Crowdstrike NG SIEM
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
Benefits
- Discretionary annual incentive program
Preferred
- Experience supporting enterprise monitoring in a Security Operations Center
- Experience onboarding and normalizing log sources in a SIEM platform
- Experience mapping detections to MITRE ATT&CK techniques
- Experience with cloud security monitoring in AWS, Azure, or Google Cloud Platform
- Hands-on scripting or query language skills for detection and log analysis
- Security certifications such as CompTIA Security+ or GIAC