
TS/SCI Cyber Security Engineer

Job in San Antonio, Bexar County, Texas, 78208, USA
Listing for: Insight Global
Full Time position
Listed on 2026-02-21
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Security Manager, Network Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

CANDIDATES MUST HAVE AN ACTIVE TOP-SECRET SCI SECURITY CLEARANCE TO BE CONSIDERED FOR THIS ROLE!!

Position: TS/SCI SIEM Cyber Security Engineer

Location: ONSITE in San Antonio, TX at JBSA-Lackland

Salary: $,000/year (depending on experience)

Required Skills & Experience:
  • Active Top-Secret SCI (TS/SCI) security clearance
  • Active GIAC Machine Learning Engineer (GMLE) certification or a bachelor's degree in computer science
  • 2-3+ years of experience using SIEM technology (ArcSight, Splunk, and/or ELK) for log handling, reports, filters, rule creation, etc.
  • 2-3+ years of network traffic analysis experience (understanding protocols and identifying ports)
Preferred Skills & Experience:
  • Experience with DoD (Air Force, Navy, Army, etc.) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
  • Experience with MITRE ATT&CK framework
  • Experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom or Demisto
  • Experience with Python and PowerShell
Job Description:

Insight Global is seeking a SIEM Cyber Security Engineer to support a critical mission focused on detecting, analyzing, and responding to cyber threats across a large enterprise environment. This role plays a key part in improving security visibility, reducing false positives, and ensuring early detection of malicious activity through effective SIEM content and automation.

Key responsibilities include:

  • Analyze cyber defense (DCO) events and security logs to identify malicious or suspicious activity
  • Apply current industry SIEM best practices to improve detection accuracy and overall performance
  • Correlate security alerts with enriched log data to distinguish legitimate threats from false positives
  • Monitor and assess the effectiveness of security controls, including identifying unauthorized outbound connections
  • Develop and maintain SIEM detections and use cases through enterprise‑wide log analysis
  • Build dashboards and visualizations that highlight adversary behavior and security trends
  • Create virtual “tripwires” using log data to enable early threat detection
  • Design, implement, test, and tune SIEM solutions to optimize performance and reliability
  • Build, test, and validate SIEM rules, filters, and correlation logic
  • Continuously tune SIEM content to reduce noise caused by known behavior, false positives, and system errors
  • Analyze malware threats and develop behavior‑based detections to alert on or prevent malicious activity
  • Automate SIEM tasks using scripting or programming languages
  • Create scheduled and ad‑hoc reports using SIEM tools to support operational and compliance needs
  • Develop and maintain SIEM documentation, processes, and knowledge repositories
  • Track metrics and trends to measure detection effectiveness and improve mission outcomes
  • Support operational leadership with SIEM content development and reporting needs