Senior Security Engineer
TekSynap · Fort Belvoir, VA · 2 wk ago
Information Technology$180k–$245k/yrFull-time
Responsibilities
- Lead the design and implementation of security automation workflows using tools like Python, Ansible, and SOAR platforms to enhance efficiency and response capabilities across all network enclaves.
- Design, engineer, and secure cloud architecture within AWS IL-4/5 environments, implementing robust security controls and ensuring compliance with stringent DoD standards.
- Serve as the SIEM SME/Architect to enhance the agency’s SIEM platform by developing advanced security content, creating custom dashboards, integrating REST APIs, and onboarding new data sources to improve threat visibility.
- Serve as a senior engineer for security analytics across multiple platforms, including, but not limited to Microsoft Sentinel and Splunk. This involves developing and implementing advanced correlation rules, workload analytics, and threat intelligence models to detect and respond to anomalous activity.
- Serve as a senior technical resource and mentor for other team members, providing guidance on best practices for operating securely across classified and unclassified networks.
- Analyze and integrate new subscriber data and security tools into the existing ecosystem to enhance threat detection and response capabilities.
- Create and maintain clear, comprehensive technical documentation, including architectural diagrams and Standard Operating Procedures (SOPs) tailored for multi-enclave operations.
- Maintain and update SIEM content (dashboards, alerts, reports) in alignment with IR playbooks and SOAR workflows to accelerate analyst response times and improve detection fidelity.
Qualifications
- Active Top Secret Clearance with SCI eligibility.
- DoD 8570 / 8140 Compliance: Active IAT Level II and CSSP Infrastructure certification.
- 8+ years of relevant experience in a hands-on cybersecurity role within a DoD environment.
- Experience supporting or participating in incident response within a DoD CSSP or SOC environment, including evidence collection, timeline reconstruction, and post-incident reporting.
- Familiarity with NIST SP 800-61 (Computer Security Incident Handling Guide) as the baseline IR framework.
- Extensive, hands-on engineering experience and operating within multi-cloud IL-4/5 secure cloud environments.
- Demonstrated experience working across multiple network classification levels (NIPR, SIPR, and JWICS).
- Advanced, hands-on experience with security analytics platforms, including Splunk (Enterprise/ES), Elastic, and Microsoft Sentinel.
- Strong, demonstrable proficiency in scripting and automation for security tasks using languages like Python, PowerShell, Bash, or Ansible, including experience with API integrations.
- Solid foundation in Linux/Unix administration and command-line operations necessary for managing backend SIEM and security infrastructure.