Senior SIEM Engineer

Everforth ECS is seeking a Senior SIEM Engineer to work in our Washington, DC office. Please Note: This position is contingent upon contract award.

We are seeking a cleared Senior SIEM Engineer to support security monitoring, detection engineering, log management, alerting, reporting, and incident response capabilities for classified and sensitive law enforcement, national security, and criminal justice environments within the National Security Business Unit. The Senior SIEM Engineer will serve as a technical lead for SIEM operations, log onboarding, detection content development, dashboarding, alert tuning, incident triage, continuous monitoring, compliance reporting, and security analytics modernization. The Senior SIEM Engineer will support security monitoring, detection engineering, log management, alerting, reporting, and incident response capabilities for classified and sensitive environments serving law enforcement, national security, and criminal justice missions. This role focuses on improving visibility, analytics, and operational security across enterprise systems, applications, endpoints, networks, and security tools.

The Senior SIEM Engineer will also contribute to National Security Business Unit growth by identifying opportunities to improve threat visibility, expand log coverage, automate security workflows, enhance insider threat support, improve compliance reporting, and develop new cybersecurity analytics capabilities.

Responsibilities

• Configure, operate, tune, and maintain SIEM and security analytics platforms.
• Onboard log sources, troubleshoot data ingestion, and improve log coverage across systems, applications, networks, and endpoints.
• Develop correlation rules, alerts, dashboards, reports, and detection content.
• Support incident triage, investigation, security monitoring, compliance reporting, and continuous monitoring.
• Tune detections, reduce false positives, and improve alert quality.
• Coordinate with cybersecurity, infrastructure, application, network, and operations teams.
• Support insider threat, audit, vulnerability, and enterprise security initiatives.
• Mentor cybersecurity analysts, system administrators, ISSOs, incident responders, and infrastructure teams.
• Develop reusable playbooks, detection documentation, reporting templates, and knowledge-transfer materials.
• Identify opportunities for automation, expanded analytics, improved visibility, and new cybersecurity services.

Salary Range: $130,000 - $145,000

General Description of Benefits

• Active Top Secret clearance with SCI eligibility; TS/SCI preferred.
• 6 years of SIEM engineering, cybersecurity engineering, SOC support, detection engineering, or security monitoring experience.
• Experience with SIEM tools such as Splunk, Elastic, QRadar, or equivalent platforms.
• Knowledge of log ingestion, correlation rules, dashboards, alerting, incident response, vulnerability management, and compliance reporting.
• Ability to troubleshoot data ingestion and coordinate across technical teams.
• Strong documentation, analytical, and communication skills.