SIEM​/SOAR Engineer

Break Point Labs is seeking a SIEM/SOAR Engineer to manage, maintain, and optimize enterprise Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems. This position encompasses the upkeep of an enterprise Elastic cluster, ensuring the performance, availability, and security of the SIEM and SOAR infrastructure, and employing analytical and problem‑solving capabilities to identify, resolve, and preempt security vulnerabilities.

The engineer will collaborate extensively with security operations teams to maximize the efficacy of security systems investments.

Responsibilities include:

• Design, implement, and maintain SIEM and SOAR infrastructure (Elastic and other SIEM platforms).
• Manage and maintain an enterprise Elastic cluster to support SIEM operations.
• Monitor and analyze security events and incidents to protect information assets.
• Develop and maintain use cases, rules, and alerts for threat detection and response.
• Integrate SIEM and SOAR systems with other security tools and data sources.
• Automate security operations workflows and incident response procedures using SOAR platforms.
• Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.
• Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.
• Implement and manage data ingestion pipelines for security event data.
• Apply updates, patches, and upgrades for SIEM and SOAR systems as needed.
• Create and maintain documentation for system configurations, processes, and standard operating procedures.
• Collaborate with security analysts, incident responders, and other teams to ensure effective use of SIEM and SOAR capabilities.
• Provide guidance and support to operations analysts on SIEM and SOAR tool usage.
• Stay current with trends, tools, and best practices in SIEM and SOAR technologies.
• Conduct research and recommend improvements to enhance the effectiveness of SIEM and SOAR solutions.
• Participate in on‑call after‑hours rotational support as needed.
• Position may include up to 25% travel, to include OCONUS, as needed.

Required Experience:

• 3+ years of experience maintaining an enterprise Elastic cluster.
• Proficient in managing and maintaining SIEM and SOAR solutions.
• Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.
• Strong understanding of security event and incident management processes.
• Knowledge of scripting languages (Python, Power Shell) for automation and integration.
• Experience with threat detection and response methodologies.
• Strong knowledge of network protocols, solutions, and methodologies.
• Excellent troubleshooting, problem‑solving, and documentation skills.
• Strong communication and interpersonal skills.
• Ability to work collaboratively in a team‑oriented environment.
• Ability to prioritize and execute tasks in high‑pressure environments.
• DoD 8570 IASAE I or II & IAT II certifications required
• Preferred experience includes:
  • Experience with other SIEM platforms (e.g., Splunk).
  • Knowledge of security frameworks and standards (MITRE ATT&CK, NIST).
  • Familiarity with network and endpoint security technologies.
• Experience with security incident response and digital forensics.
• Familiarity with configuration management and automation tools.

Certifications

Required:

IASAE I or II & IAT II

Security

Clearance Required:

DoD Secret

Education Level

Required:

Bachelor’s Degree Area(s) of Study Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field, or equivalent work experience.