HHS - SIEM Engineer

Job in Rockville, Montgomery County, Maryland, 20849, USA
Listing for: cFocus Software Incorporated
Full Time position
Listed on 2026-01-30
Job specializations:
  • IT/Tech
    Cybersecurity, IT Support
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

cFocus Software seeks a SIEM Engineer to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.

Qualifications
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related discipline.
  • Minimum 6–9 years of experience administering enterprise SIEM and logging platforms.
  • Hands‑on experience with Splunk Enterprise and Splunk Enterprise Security.
  • Strong understanding of log management, detection engineering, and SOC operations.
  • Experience integrating cloud, endpoint, network, and application logs.
  • Knowledge of NIST SP 800‑92, NIST SP 800‑137, NIST SP 800‑53, and federal logging requirements.
  • Experience supporting audits, investigations, and compliance reporting.
  • Strong written and verbal communication skills.
  • Splunk Enterprise Certified Architect, Splunk Enterprise Certified Administrator, GCED, GCIA, or CISSP.

Duties
  • Administer and maintain a complex hybrid SIEM and logging infrastructure across on‑premises, IaaS, PaaS, SaaS, and multi‑cloud environments.
  • Ensure SIEM operations comply with OMB M‑21‑31 logging requirements including log categories, retention, and accessibility.
  • Perform data onboarding for new log sources including servers, applications, databases, network devices, cloud services, and security tools.
  • Integrate SOC tools with the SIEM to enable automation, enrichment, and workflow orchestration.
  • Develop, maintain, and optimize SIEM correlation searches, detection use cases, and alerting rules.
  • Build and maintain dashboards, reports, and ad‑hoc searches for SOC analysts, ISSOs, auditors, and leadership.
  • Monitor data accuracy, parsing integrity, timestamp normalization, and log completeness.
  • Optimize SIEM performance including ingestion rates, indexing efficiency, storage utilization, and search response times.
  • Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
  • Develop and maintain SIEM applications, add‑ons, and custom content as required.
  • Integrate threat intelligence feeds to enrich alerts and support advanced detection.
  • Support incident response workflows by ensuring SIEM integration with ticketing and SOAR platforms.
  • Support audit and assessment requests by providing SIEM evidence, logs, and compliance dashboards.
  • Document SIEM architectures, workflows, SOPs, onboarding procedures, and operational processes.
  • Update, patch, and maintain SIEM components in accordance with HHS and HRSA standards.
  • Collaborate closely with the Federal Logging and SIEM SME and SOC leadership.
  • Maintain an SLA of responding to SIEM support requests within two (2) business days.