
SIEM Analyst (HYBRID)

Crest Security Assurance
Smyrna, GA Full Time
POSTED ON 3/18/2026
AVAILABLE BEFORE 9/13/2026

Position Title: SIEM Analyst

Location: Smyrna, GA

Clearance Requirement: Active Secret

Certifications: IASAE Level II per DoD 8140

Employment Type: Full-Time (Hybrid)



Position Overview:

The SIEM Analyst is responsible for supporting the management, optimization, and continuous monitoring of Security Information and Event Management (SIEM) systems within Department of Defense (DoD) environments. This role focuses on reviewing, validating, and optimizing SIEM log sources, rule configurations, and system deployment metrics to ensure comprehensive and efficient threat detection.

The SIEM Analyst will collaborate with cybersecurity teams to develop processes and Standard Operating Procedures (SOPs) for effective SIEM log management, incident detection, and threat response. This position requires strong analytical skills, attention to detail, and a proactive approach to SIEM management and improvement. The ideal candidate will have experience with log analysis, configuration validation, and the identification of security misconfigurations in a SIEM environment.



Responsibilities:

Develop and Document SIEM Processes and SOPs:

  • Assist in developing and documenting a process and SOP for the regular review and validation of SIEM logs and sources.
  • Define procedures for identifying SIEM misconfigurations, evaluating SIEM rules, and generating reports on system deployment metrics such as active log source counts, log types, entities, and rules reviewed or modified.

SIEM Log Source Review:

  • Regularly review and validate SIEM log sources in collaboration with cybersecurity experts to build or update asset profiles. Use these profiles to assess system risk and criticality, leveraging data from Mission Assurance, Configuration Management Database (CMDB), and other resources.

Establish and Maintain SIEM Log Review Schedules:

  • Implement and manage a regular schedule for reviewing SIEM logs based on system sensitivity and risk profiles. Perform reviews daily, weekly, or monthly, depending on the system's criticality.
  • Conduct weekly SIEM log reviews, focusing on identifying:
      • Unusual system behavior
      • Deviations from established baselines
      • Configuration changes

Incident Reporting and Collaboration:

  • Monitor and relay any anomalous or potentially malicious activity detected in the SIEM to Cyber Operations (Cyber Ops) Analysts.
  • Provide timely communication and findings to cybersecurity leadership to ensure prompt action on security issues.

Continuous SIEM Rule Assessment:

  • Conduct regular evaluations of SIEM rules to ensure their effectiveness in identifying potential security threats. Review 10-15 SIEM signatures monthly to ensure they are relevant and effective.
  • Work with ISSM, ISO, and Cyber Ops Analysts to identify SIEM rules that need optimization to improve threat detection accuracy and reduce false positives.

Log Source Configuration Validation:

  • Validate the configuration of log sources to ensure that all relevant security data is collected, ingested, and processed by the SIEM. Identify any missing or misconfigured log sources and create incidents (IRs) to assign these to the SIEM team for resolution.

Documentation and Reporting:

  • Maintain detailed documentation on SIEM configurations, rule assessments, and incident reports.
  • Generate and present reports with system deployment metrics to cybersecurity leadership, focusing on log source counts, rule modifications, and overall SIEM performance.



Minimum Qualifications:

Experience:

  • 5-7 years of experience in cybersecurity or a related role, with hands-on experience managing SIEM systems.
  • Strong understanding of log analysis, rule-based threat detection, and incident response processes.
  • Familiarity with DoD cybersecurity policies and standards, including experience working with SIEM tools in a defense environment.

Education:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).

Certifications:

  • Must meet DoD 8140/8570 IASAE Level II certification requirements, including one or more of the following certifications:
      • CASP CE
      • CISSP (or Associate)
      • CSSLP

Clearance:

  • Active DoD Secret clearance is required



Preferred Skills:

Technical Expertise:

  • Proficiency with SIEM tools such as Splunk, ArcSight, LogRhythm or QRadar, and familiarity with DoD-specific implementations.
  • Strong understanding of network security, log source validation, and rule-based threat detection.

Communication:

  • Strong verbal and written communication skills, with the ability to collaborate with both technical and non-technical stakeholders.
  • Experience preparing and delivering reports and presentations on SIEM performance and security incidents.

Problem Solving:

  • Ability to think analytically and make data-driven decisions to optimize SIEM configurations and rule effectiveness.



Salary: $140,000 - $150,000
