Lead SIEM Engineer with Security Clearance

• Lead SIEM Engineer/Analyst
• Splunk Location: Alexandria, VA (Mark Center) ASE is seeking a Lead SIEM Engineer/Analyst – Splunk to support one of our federal government clients.

The position is a TEMPORARY hybrid therefore requiring onsite presence 3-days a week at our main customer location in Alexandria, Virginia as required.

• Log Source Validation & Compliance Alignment ◦ Ensure log review SOPs align with STIG and organizational requirements.

• Log Review & Anomaly Detection ◦ Perform regular analysis of log data to identify anomalies, misconfigurations, or potential threats.

• SIEM Integration & Data Feed Management ◦ Integrate DHRA and third-party data feeds into the Splunk SIEM platform.

• Alerting, Correlation & Use Case Development ◦ Develop and tune correlation rules, filters, and alerts to detect significant security events.

• System Maintenance & Component Deployment ◦ Deploy and upgrade Splunk components including ESM, SOAR, and UBA modules.

• Log Retention, Rotation & Archival Oversight ◦ Monitor log rotation and archival processes to ensure compliance with retention policies.

• Security Event Analysis & Trend Monitoring ◦ Conduct in-depth analysis of network, system, and application logs.

• Collaboration & Continuous Improvement ◦ Work with stakeholders to refine logging strategies and respond to audit findings.

◦ Recommend improvements based on policy changes, technology updates, and security needs.

• Clearance: ◦ For candidates possessing a security clearance: An active Secret or Top Secret.
• This position requires the successful applicant to obtain and maintain the required security clearance or other authorization(s) within the necessary timeframe required by applicable contract(s).
• Active DoD 8570 IAT Level III certification (Security+ CE, CISSP, etc.) and relevant Computer Environment Certification
• 8+ years in cybersecurity operations, with specific expertise in Splunk and UBA and SOAR technologies.
• 5+ years of experience with an enterprise Logging and Security Information and Event Management (SIEM) solution, to include log collections, management, correlation, aggregation.

• This is a hybrid (3-days per week onsite) position in Alexandria, Virginia as required.
• Ability to support Cybersecurity reviews, SOP development and maintenance including assisting in the generation of security artifacts, such as security plans, POA&M, and security CONOPS.
• Splunk Training and Certification: ◦ Core Certified Power User (must have) ◦ Splunk Enterprise Security Certified Admin ◦ Splunk Certified Cybersecurity Defense Analyst Splunk ◦ Splunk Certified Architect