Enterprise Logging Solution; ELS Lead
Listed on 2026-03-01
IT/Tech
Cybersecurity, Systems Engineer, IT Support
Company Description
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
**This position is contingent upon contract award**
SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP’s enterprise logging ecosystem across on-premises, cloud, and hybrid environments.
Responsibilities
- Lead architecture, engineering, configuration, and optimization of enterprise logging platforms supporting DHS SOC operations.
- Serve as the senior technical authority for SIEM engineering, log ingestion pipelines, parsing, data normalization, enrichment, and storage strategies.
- Oversee onboarding of new data sources, including application, endpoint, network, cloud, and authentication telemetry.
- Maintain and enhance log health monitoring, pipeline resiliency, and log integrity validation.
- Coordinate with SOC analysts, Threat Hunt, IR, CTI, and engineering teams to ensure logging coverage aligns with detection, investigation, and compliance requirements.
- Develop, maintain, and troubleshoot log ingestion processes, forwarders, collectors, and APIs.
- Support dashboard, correlation rule, and alerting development by ensuring high-quality data availability.
- Ensure compliance with CBP logging standards, federal logging mandates, and Zero Trust visibility requirements.
- Lead modernization initiatives involving automation, cloud logging integrations, and data optimization.
- Provide detailed technical reporting, architectural documentation, and data dictionaries.
- Support vulnerability assessments, compliance audits, and cross-team engineering reviews.
- Mentor junior engineers and support knowledge transfer across the SOC.
- Minimum of 7+ years administering, engineering, or architecting enterprise logging or SIEM solutions in large-scale environments.
- Minimum of 5+ years hands-on experience as a senior SIEM engineer or administrator within Federal or enterprise SOC environments.
- Experience supporting Windows and Linux logging ecosystems, cross-platform log ingestion, and distributed system integrations.
- Experience with interconnected, heterogeneous enterprise systems and cloud environments (AWS, Azure).
- Demonstrated experience with log parsing, normalization, field extraction, data mapping, and ingestion pipeline troubleshooting.
- Strong networking background, including TCP/IP, DNS, HTTP/S, VPN, encryption, and certificate management.
- Experience supporting or integrating with automation/orchestration frameworks.
- Experience producing technical documentation, diagrams, and operational runbooks.
- Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field.
Required (one of the following):
- Certified Splunk Architect II (priority)
- Splunk Certified Admin/Engineer (if Architect-level is in progress)
Preferred:
- CISSP
- Security+
- Cloud provider certifications (AWS, Azure)
- Must be able to obtain/maintain a Tier 5 (T5) investigation. CBP CSD may add TS or TS/SCI requirements on a case-by-case basis.
Work Environment
- Work hybrid/on-site as required.
- Normal office conditions with potential to perform duties in various CONUS locations.
- Core hours of operation are Monday through Friday, 0600 – 1700.
- May be requested to work evenings and weekends to meet program and contract needs.
All interested individuals will receive consideration and will not be discriminated against for any reason.