Key skills
AWSAzureCloudGoogle Cloud PlatformSplunkGCPGoogle CloudSumo LogicAgileLeadershipCommunicationCritical ThinkingCloud Security
About this role
Role Overview
- Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
- Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
- Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
- Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
- Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
- Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
- Create and maintain custom parsers and field extractions for complex or proprietary log sources
- Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
- Participate in peer reviews of detection rules and SIEM configuration changes
- Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
- Contribute to development and maintenance of detection and response playbooks and operational procedures
- Support troubleshooting of SIEM ingestion, parsing, and performance issues
- Work with infrastructure and application teams to onboard new log sources and improve security visibility
- Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities
- Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization
- Create and maintain SIEM architecture, detection, and operational documentation and runbooks
- Provide technical support during client reviews and operational meetings as assigned
- Share knowledge and provide guidance to junior team members
- Contribute to process improvement and automation initiatives within SIEM and detection workflows
Requirements
- 3+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
- 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
- Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
- Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
- Experience working in Agile environments with technical teams of three or more individuals.
- Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
- Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
- Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
- Critical thinking skills to balance robust security requirements against mission objectives.
- Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments.
- Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover.
- Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
- Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
- History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
- Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.
- Splunk Enterprise Certified Admin or SumoLogic Administration or Microsoft Security Operations Analyst Associate
- AWS Solutions Architect Professional or AWS DevOps Engineer Professional or Azure Solutions Architect Expert* or* GCP Cloud Architect
- Bachelor’s degree or equivalent work experience.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- Splunk
Benefits
- paid parental leave
- flexible time off
- certification and training reimbursement
- digital mental health and wellbeing support membership
- comprehensive insurance options