Senior SIEM Engineer

Required Qualifications:

• Bachelor’s degree and a minimum of 8 years of related experience in cybersecurity or information technology or 12 years of experience and a HS Degree/Diploma.
• At least 8 years of professional cybersecurity experience.
• Minimum 4 years of hands-on experience with Arc Sight or Splunk platforms.
• Expertise in the design, implementation, and support of SIEM core components such as ESM, Loggers, Smart Connectors (Arc Sight) or Indexers, Forwarders, Search Heads, and Cluster Managers (Splunk).
• Proven ability to configure and administer data ingestion, forwarding, and parsing for multiple log sources.
• Strong troubleshooting skills related to log feeds, field extractions, and search performance.
• Demonstrated experience creating dashboards, visualizations, and analytics to support security operations.
• Certification:
  Must hold at least one IAT Level III certification such as CASP+, CISA, CISSP, GCED, or GCIH.
• Must be a US Citizen.
• Must be able to obtain and maintain the required agency clearance.

• CISSP certification (highly desirable).
• Deep understanding of networking fundamentals (ports, protocols, routing, firewalls, and proxies).
• Familiarity with cloud monitoring, hybrid log ingestion, and API integrations.
• Experience with automating SIEM tasks using scripting languages (Python, Power Shell, etc.).
• Strong communication skills with the ability to work effectively in cross-functional technical teams.
• Prior experience supporting federal or DoD cybersecurity programs is preferred.

Peraton is seeking a Senior SIEM Engineer. This position plays a critical role in strengthening the Agency's cybersecurity posture, enhancing system resilience, and ensuring the protection of national security and diplomatic information assets. As part of a high-impact program, you will lead the design, implementation, and optimization of SIEM solutions to deliver real-time visibility, actionable intelligence, and advanced threat detection capabilities across complex cloud and on-prem environments.

• Design, implement, and maintain SIEM solutions (Arc Sight or Splunk) to support enterprise-level monitoring and threat detection.
• Configure and deploy data collection mechanisms across diverse operating systems, applications, and network platforms.
• Integrate log sources and security data from multiple environments (on-premises and cloud) into the SIEM for centralized monitoring.
• Develop and maintain dashboards, correlation rules, alerts, and analytics to identify anomalous activity and potential security incidents.
• Troubleshoot and resolve dataflow, indexing, and ingestion issues between SIEM components.
• Support auditing, incident response, and system health monitoring processes.
• Collaborate with cybersecurity analysts, network engineers, and system administrators to enhance detection and response capabilities.
• Recommend improvements to logging, data normalization, and enrichment to improve detection fidelity.
• Assist in SIEM architecture upgrades, scalability improvements, and performance tuning.
• Provide technical documentation, standard operating procedures (SOPs), and guidance to ensure consistent SIEM operations and compliance.