Key skills
AnsibleCloudCyber SecurityPythonServiceNowSplunkTerraformZero Trust
About this role
Role Overview
- Lead the design, validation, and delivery of cybersecurity architectures for DoD/DHS customers, with primary emphasis on SIEM/SOAR platforms (Splunk, Elastic) and associated automation
- Own the cybersecurity practice roadmap: define offerings, standards, templates, and Lab validation paths for SIEM/SOAR modernization, SOAR orchestration, log management, threat hunting, and incident response
- Architect integrated solutions that combine Splunk/Elastic with complementary tools (Forcepoint UAM, ServiceNow SecOps, Mattermost playbooks, Everfox CDS, RedSeal, Corelight, Wiz, Pure Storage)
- Drive automation of security operations (Compliance-as-Code, automated STIG validation, policy enforcement, SOAR playbooks) to reduce manual effort and audit risk
- Serve as technical lead on proposals, RFIs, and customer briefings—translate mission needs into defensible, repeatable architectures
- Mentor and develop cybersecurity engineers; establish repeatable delivery patterns and knowledge artifacts (reference designs, runbooks, playbooks)
- Ensure all solutions meet federal compliance (RMF, ATO, STIG, Zero Trust mandates) and are deployable across IL5/6/7 environments
- Collaborate with Network, Tactical Infrastructure, and Hybrid Cloud practices to deliver unified, mission-ready platforms
Requirements
- 12+ years of hands-on cybersecurity architecture and engineering experience in federal/DoD environments
- Deep expertise in Splunk and Elastic (SIEM, XDR, SOAR, EDR, log management, observability)
- Proven ability to design and implement SIEM/SOAR solutions, including correlation rules, dashboards, playbooks, and orchestration workflows
- Strong automation background: scripting (Python, Ansible), Compliance-as-Code, Infrastructure-as-Code (Terraform), and SOAR automation
- Experience integrating SIEM/SOAR with endpoint (Elastic EDR, Forcepoint UAM), network visibility (Corelight, RedSeal), cloud vulnerability (Wiz), and storage/forensics (Pure Storage, Snare)
- Minimum of an active Secret clearance
- Required Certifications: CISSP (or equivalent) Splunk Certified Architect/Power User
Tech Stack
- Ansible
- Cloud
- Cyber Security
- Python
- ServiceNow
- Splunk
- Terraform
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development