SIEM Analyst

Overview

Title: SIEM Analyst

Location:
Smyrna, GA (Hybrid)

Clearance:
Active DoD Secret

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world.

The SIEM Analyst is responsible for supporting the management, optimization, and continuous monitoring of Security Information and Event Management (SIEM) systems within Department of Defense (DoD) environments. This role focuses on reviewing, validating, and optimizing SIEM log sources, rule configurations, and system deployment metrics to ensure comprehensive and efficient threat detection.

The SIEM Analyst will collaborate with cybersecurity teams to develop processes and Standard Operating Procedures (SOPs) for effective SIEM log management, incident detection, and threat response. This position requires strong analytical skills, attention to detail, and a proactive approach to SIEM management and improvement. The ideal candidate will have experience with log analysis, configuration validation, and the identification of security misconfigurations in a SIEM environment.

• Assist in developing and documenting SOPs for regular SIEM log and source validation, including procedures for identifying misconfigurations, evaluating rules, and reporting deployment metrics such as active log source counts, log types, and entities reviewed.
• Regularly review and validate SIEM log sources with cybersecurity experts to build and maintain asset profiles, assessing system risk and criticality using Mission Assurance, CMDB, and related resources.
• Implement and manage review schedules — daily, weekly, or monthly — based on system sensitivity, focusing on detecting unusual behavior, baseline deviations, and configuration changes.
• Monitor and relay anomalous or potentially malicious SIEM activity to Cyber Ops Analysts, providing timely findings to cybersecurity leadership.
• Conduct monthly evaluations of 10–15 SIEM signatures, working with ISSM, ISO, and Cyber Ops Analysts to optimize rules, improve threat detection, and reduce false positives.
• Validate log source configurations to ensure all relevant security data is collected and processed, identifying missing or misconfigured sources and creating IRs for resolution.
• Maintain detailed documentation on SIEM configurations, rule assessments, and incidents, and present deployment metric reports to cybersecurity leadership.

• Active DoD Secret security clearance
• 3–5 years of cybersecurity experience with hands‑on SIEM management, strong log analysis and threat detection skills, and familiarity with DoD cybersecurity policies.
• Proficiency with SIEM tools such as Splunk, Arc Sight, Log Rhytm or QRadar.
• Bachelor's degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience).
• Must meet DoD 8140/8570 IASAE Level II requirements via CASP+ CE, CISSP (or Associate), or CSSLP.

Requirements of position:
Think analytically, effective verbal and written communication skills, make decisions, observe/remember details, interpret data, concentrate on tasks, adjust to change, handle stress/emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard/type, handle confidential information, use math/calculations, stay organized, operate office equipment, may direct others. May be exposed to dust/dirt, humidity, and noise.

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military/veteran status, or any other protected class.