Senior SIEM Engineer at RedMatter Solutions LLC – Washington, District of Columbia

RedMatter Solutions LLC
Washington, District of Columbia, 20001, United States
Job Function:Information Technology

About This Position

Description:

We are seeking a Senior SIEM Engineer to design, engineer, and operate a Security Information and Event Management (SIEM) capability supporting classified enterprise environments. You will lead log onboarding and normalization, correlation/detection engineering, content tuning, dashboarding, and integration with security operations workflows to improve detection, response, and compliance outcomes.

Key Responsibilities

  • Engineer, administer, and optimize SIEM platforms (e.g., Splunk ES, QRadar, Elastic/Sentinel-like stacks where applicable) in high-security environments.
  • Lead end-to-end log onboarding: requirements gathering, data source integration (agents, syslog, APIs), parsing/field extraction, normalization (e.g., CIM-like models), and validation.
  • Develop and maintain detection content: correlation rules, searches/queries, alerts, notable events, risk scoring, and use-case mappings to threats/techniques.
  • Perform SIEM tuning to reduce false positives and improve fidelity: thresholding, suppression, whitelisting, enrichment, and baselining.
  • Build and maintain dashboards, operational metrics, and executive-level reporting (coverage, alert volume, MTTD/MTTR contributions, top detections, data health).
  • Implement data enrichment integrations (asset inventory, identity, vulnerability data, threat intel feeds) to improve investigation context.
  • Support SOC operations by assisting with triage, investigation, and incident response; create playbooks and analytical workflows aligned to operational procedures.
  • Ensure platform health and performance: index/storage planning, forwarder/collector management, retention, search performance, scaling, and HA/DR considerations.
  • Participate in change/configuration management: lab testing, implementation planning, validation steps, rollback plans, and documentation updates.
  • Support compliance requirements through audit-ready evidence, control implementation support, and continuous monitoring reporting.
  • Create and maintain technical documentation: data source catalogs, onboarding runbooks, parsing guides, detection engineering standards, and troubleshooting procedures.
  • Mentor junior engineers/analysts and standardize content development practices (templates, peer review, release management for detections).

Requirements:

Required

  • Active Top Secret clearance (required).
  • 8+ years of cybersecurity engineering experience with 4+ years focused on SIEM engineering/administration in enterprise environments.
  • Strong proficiency with SIEM query languages and content development (e.g., SPL, AQL, KQL/ES DSL equivalents) and detection engineering methodology.
  • Proven experience integrating common log sources: Windows event logs, Linux audit/syslog, network/security devices (firewalls, IDS/IPS, proxies), EDR, authentication/IdP, DNS, email, cloud logs (as applicable).
  • Experience with log parsing/normalization, data quality validation, and troubleshooting ingestion pipelines (collectors, forwarders, agents).
  • Understanding of attacker tactics/techniques and how to translate them into detections (e.g., MITRE ATT&CK mapping).
  • Working knowledge of vulnerability management, asset/CMDB data, and identity context to support enrichment and investigations.
  • Strong operational discipline in incident/change processes, documentation, and working under time pressure.

Preferred

  • Platform-specific certifications (preferred): Splunk Core/Power User/Admin/ES, IBM QRadar certs, Elastic certs, or equivalent.
  • Experience integrating SOAR platforms and automations (e.g., Phantom, XSOAR, Swimlane) and building automated response workflows.
  • Familiarity with EDR platforms and telemetry (e.g., Defender for Endpoint, CrowdStrike, Carbon Black) and building detections using endpoint events.
  • Experience with scripting/automation (Python, PowerShell, Bash) to support data onboarding, enrichment, and content deployment.
  • Knowledge of STIG/SRG hardening, RMF/ATO environments, and audit support in classified settings.
  • Experience building/operating SIEM in segmented or multi-enclave architectures.

Job Location

Washington, District of Columbia, 20001, United States