Company: SAIC
Location: REMOTE WORK, TX
Career Level: Mid-Senior Level
Industries: Technology, Software, IT, Electronics

Description

Science Applications International Corporation (SAIC) is seeking an experienced and highly skilled Senior Sentinel SIEM Engineer to join our Information Security team. The ideal candidate will lead the deployment, configuration, and optimization of Microsoft Sentinel to enhance our security monitoring and incident response capabilities. This role requires deep technical expertise, strong analytical skills, and the ability to guide and mentor junior staff. Additionally, expertise in Sentinel SIEM, Azure Data Explorer, Kusto Query Language (KQL), Logic Apps, and Function Apps is highly preferred to drive advanced security operations and automation. This position reports to the Technical Director as the primary technical engineer and architect responsible for cyber systems implementation and maintenance.

Essential duties of this position include:

· Lead the implementation, configuration, and ongoing management of Microsoft Sentinel SIEM.

· Integrate diverse data sources, including cloud and on-premises systems, into Sentinel for comprehensive security monitoring.

· Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats.

· Develop and maintain integration solutions using Azure Logic Apps to automate business processes and integrate with various systems and services.

· Design, develop, and maintain serverless applications using Azure Function Apps to support security operations and automation.

· Implement and manage incident response playbooks and ensure timely resolution of security incidents.

· Design and implement log management strategies to ensure effective aggregation, normalization, and analysis of security data.

· Develop and deploy complex automation playbooks to streamline incident response and remediation processes.

· Create custom scripts (e.g., PowerShell, Python) to enhance automation and improve operational efficiency.

· Build and maintain robust data ingestion pipelines using Azure Data Explorer to handle large volumes of data with high throughput and low latency.

· Write, optimize, and manage complex Kusto queries to retrieve and manipulate data efficiently.

· Design and implement efficient data models to support analytical and operational use cases.

· Generate comprehensive security reports and dashboards, providing detailed insights into the organization's security posture.

· Ensure that the SIEM solution complies with relevant regulatory standards and industry best practices (e.g. HIPAA, NIST).

· Drive continuous improvement initiatives to enhance the effectiveness of the SIEM solution based on evolving security needs and emerging threats.

· Stay current with the latest cybersecurity trends, tools, and practices.

· Mentor and guide junior SIEM engineers, fostering a culture of continuous learning and development within the team.

· Participate in the development of the organization's security strategy and contribute to its execution.

Qualifications

Required Education and Qualifications:

· BS degree and 5+ years of experience required (7+ years highly preferred), or Master's degree and 3+ years of experience required (5+ years highly preferred).

· 3 years of hands-on technical experience engineering SIEM systems within the past 5 years.

· Candidates must pass a CJIS background check; citizenship required.

Required Experience:

· Proven experience with Azure Data Explorer and Kusto Query Language (KQL).

· Proficiency in using Kusto Query Language (KQL) for data querying and analysis.

· Strong scripting skills (e.g., PowerShell, Python) and proficiency in using JSON for automation purposes.

· Expertise in integrating various security tools and data sources with SIEM.

· Advanced understanding of cybersecurity principles and practices.

· Excellent problem-solving skills and the ability to work in a fast-paced environment.

· Preferred: experience in cloud architecture, with the ability to create and validate architecture designs on various cloud platforms (AWS, Azure), both commercial and government.

· Real world experience and working knowledge of FEDRAMP, NIST 800-53 controls, System Security Plan (SSP), and CIS hardening baselines.

· The ideal candidate will have extensive infrastructure experience including solution design; experience translating business requirements and objectives into IT strategy; and experience with one or more frameworks for best practice service delivery including ITIL v4 and TOGAF.

Preferred Experience:

· Familiarity with other Azure services such as Azure Stream Analytics, Azure Data Factory, and Power BI.

· Strong knowledge of data ingestion techniques and data pipeline design.

· Experience in designing data models for analytical and operational requirements.

· Experience in supporting State or Local Government IT environments.

· 5 years of technical and/or management experience supporting industry and/or government-sector cloud initiatives at an enterprise level.

· ITIL v4 certification preferred (Foundation or above).

· SIEM product certification preferred.

· 3 years of hands-on technical experience engineering EDR/NDR systems within the past 5 years.


Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

