
Security Engineer, SIEM
Coalfire
full-time
Location Type: Remote
Location: United States
Salary
💰 $78,000 - $135,000 per year
Tech Stack
About the role
- Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
- Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
- Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
- Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
- Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
- Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
- Create and maintain custom parsers and field extractions for complex or proprietary log sources
- Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
- Participate in peer reviews of detection rules and SIEM configuration changes
- Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
- Contribute to development and maintenance of detection and response playbooks and operational procedures
- Support troubleshooting of SIEM ingestion, parsing, and performance issues
- Work with infrastructure and application teams to onboard new log sources and improve security visibility
- Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities
- Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization
- Create and maintain SIEM architecture, detection, and operational documentation and runbooks
- Provide technical support during client reviews and operational meetings as assigned
- Share knowledge and provide guidance to junior team members
- Contribute to process improvement and automation initiatives within SIEM and detection workflows
Requirements
- 3+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
- 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
- Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
- Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
- Experience working in Agile environments with technical teams of three or more individuals.
- Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
- Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
- Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
- Critical thinking skills to balance robust security requirements against mission objectives.
- Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments.
- Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover.
- Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
- Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
- History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
- Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.
- Splunk Enterprise Certified Admin *or* SumoLogic Administration *or* Microsoft Security Operations Analyst Associate
- AWS Solutions Architect Professional *or* AWS DevOps Engineer Professional *or* Azure Solutions Architect Expert *or* GCP Cloud Architect
- Bachelor’s degree or equivalent work experience.
Benefits
- paid parental leave
- flexible time off
- certification and training reimbursement
- digital mental health and wellbeing support membership
- comprehensive insurance options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
SIEM solutions, log collection infrastructure, detection rules, correlation searches, alerting logic, custom parsers, performance tuning, storage management, cloud architecture, systems integration
Soft Skills
communication skills, organizational skills, problem-solving skills, critical thinking, team collaboration, independent work, process improvement, adaptability, leadership, documentation skills
Certifications
Splunk Enterprise Certified Admin, SumoLogic Administration, Microsoft Security Operations Analyst Associate, AWS Solutions Architect Professional, AWS DevOps Engineer Professional, Azure Solutions Architect Expert, GCP Cloud Architect, Bachelor's degree