The Intelligence Group at Leidos currently has an opening for a SIEM (Security Information and Event Management) Engineer to join a high performing agile team using the Scaled Agile Framework (SAFe) methodology to support a nationally significant and fast-paced program. Program execution follows DEVOPS best practices and employs robust development, test, and production environments. We are using Behavior Driven Development (BDD) and test automation tools alongside a full suite of team collaboration tools. Leidos is the prime contractor providing system engineering, development, test, integration, and operational support. The program focused on injecting new technology and adding advanced capabilities while continuing to support an on-going mission and operational system.
The SIEM Engineer is responsible for configuring the collection, parsing, correlation, and visualization of events for a critical operational system. The successful candidate will demonstrate strong skills in system administration, log management, event correlation, and threat detection.
The SIEM Engineer will support building and maintaining a system that analyzes collected data and derives facts, inferences, and projections to determine if the systems being monitored are operating normally. This individual will work on a team responsible for configuring the systems which support analysts and end-users. The successful candidate will support the collection and extraction of data used to refine existing and new reports, analytics, and dashboards, and will be involved with the drafting and creation of reports and dashboards based on end-user requirements. She/he will also support the integration of resources across teams to better define the audit data being collected to eliminate false positives and false negatives from the data.
Security Clearance requirement:
Candidates must possess an active TS/SCI with Polygraph to be considered for this role.
- A bachelor’s degree in computer science or related discipline and eight (8) years of relevant experience are required. Additional experience may be substituted for a degree.
- At least 2 years of experience with one or more of the following: StealthWatch, TripWire, Zenoss, ArcSight, Splunk.
Experience in design, implementation, and support of Splunk core components; including indexers, forwarders, search heads, and cluster managers.
Experience with configuration and administration of Splunk ingestion and forwarding for new and existing applications and data.
Experience with troubleshooting Splunk dataflow issues between various Splunk core components.
Understanding of networking components and devices, ports, protocols, and basic networking troubleshooting steps.
The ability to troubleshoot issues with log feeds, search time, and field extractions.
Experience configuring and deploying data collection for a variety of operating systems and networking platforms.
Experience creating Dashboards and Analytics within SIEM tools.
Experience working with monitoring systems supporting auditing, incident response, and system health.
The ability to troubleshoot problems related to data solutions.
- Network Security Operations Center (SOC) experience preferred.
- Experience and talent in data visualization.
- Experience creating workflows for Incident Response within a SIEM Tool.
- Security+ Certification.
- GIAC Certified Incident Handler Certification.
- GIAC Cyber Threat Intelligence Certification.
- Cybersecurity certifications
- SIEM training
Pay Range:Pay Range $97,500.00 - $150,000.00 - $202,500.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.