Senior SIEM Engineer

Position Description

Valiant Solutions is seeking a Senior SIEM Engineer to join our rapidly growing and innovative cybersecurity team!

The Senior SIEM Engineer serves as the technical lead for the design, deployment, tuning, and sustainment of the enterprise Security Information and Event Management (SIEM) platform that supports the client's Security Operations Center (SOC). This role owns the health and performance of the SIEM environment that ingests logs and telemetry across endpoint, network, cloud, operating system, and application layers, and feeds the 24x7x365 monitoring mission. Working alongside SOC analysts, threat hunters, engineering teams, and the client's stakeholders, the Senior SIEM Engineer translates detection requirements into production-ready content, integrates the SIEm with SOAR, EDR, CDM, and identity platforms, and builds the dashboards, correlation searches, and data models that allow Tier 1 through Tier 3 analysts to triage, investigate, and respond to threats within the client's's contractual timeframes. The position requires deep, hands-on SIEM expertise, strong cloud and federal cybersecurity context, and the judgment to balance ingest costs, data quality, detection coverage, and compliance with OMB M-26-14, NIST SP 800-53, NIST SP 800-61, and NIST SP 800-137.

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years , Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

Location: Remote, ideally in the Washington, DC Metro Area. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. 

Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, and applicants must be able to successfully pass a federal background investigation .

Required Experience:

• Eight or more years of cybersecurity engineering experience, with at least five years dedicated to SIEM architecture, administration, and content development.
• Hands-on experience designing and operating distributed SIEM deployments at enterprise scale, including indexer clusters, search head clusters, heavy and universal forwarders, deployment servers, and license management.
• Demonstrated experience writing, tuning, and optimizing queries, correlation searches, data models, accelerated summaries, lookups, and macros.
• Working knowledge of security focused SIEM components, including notable event framework, risk-based alerting, asset and identity frameworks, and adaptive response actions.
• Experience in onboarding diverse data sources at scale, including operating system logs, network flow and packet data, cloud platform logs (AWS CloudTrail, GuardDuty, VPC Flow, Config), endpoint telemetry, application logs, and identity provider logs.
• Experience integrating SIEM with SOAR platforms, Endpoint Detection and Response tools, Continuous Diagnostics and Mitigation (CDM) data feeds, vulnerability management platforms, and ticketing systems such as ServiceNow.
• Working knowledge of AWS GovCloud services and the design patterns used to forward, normalize, and secure log data from cloud-native sources.
• Familiarity with the MITRE ATT&CK framework and experience translating adversary techniques into SIEM detection content.
• Working knowledge of NIST SP 800-53, NIST SP 800-61, and NIST SP 800-137, and the ability to map SIEM controls and continuous monitoring practices to those frameworks.
• Experience supporting incident response activities, including building investigation dashboards, preserving log evidence, and producing artifacts for post-incident reporting.
• Strong scripting and automation skills in at least one of Python, Bash, or PowerShell, and comfort with version control using Git.
• Beneficial Splunk certifications: Splunk Core Certified Power User and Splunk Enterprise Certified Admin. Splunk Certified Architect, Splunk Enterprise Security Certified Admin, or Splunk Core Certified Consultant is strongly preferred.
• Required to obtain and maintain a Non-Sensitive / High Risk (Public Trust) security clearance at the Tier 4/6c level.
• Strong written and verbal communication skills, with the ability to brief technical findings to SOC leadership, ISSOs, and senior Government officials.

Responsibilities:

• Lead the architecture, deployment, upgrade, and sustainment of the SIEM environment supporting the client's SOC, including indexer and search head clusters, forwarders, and supporting infrastructure.
• Monitor SIEM platform health, license usage, indexing latency, search performance, and ingest rates, and proactively address capacity, performance, and availability issues.
• Onboard new data sources by defining requirements, configuring inputs and forwarders, building parsing and field extractions, and validating Common Information Model (CIM) compliance.
• Develop, tune, and maintain correlation searches, notable events, dashboards, reports, and data models that support Tier 1 triage within fifteen minutes of detection and Tier 2 analysis within four hours of escalation.
• Build and maintain SOC dashboards that provide real-time visibility into the client's security posture, supporting both day-to-day operations and executive reporting.
• Translate detection requirements from threat hunters, CTI analysts, and engineering teams into production SIEM content mapped to the MITRE ATT&CK framework.
• Integrate SIEM with SOAR, EDR, NDR, DLP, CDM, vulnerability management, and identity platforms to support automated triage, enrichment, and response.
• Reduce false positive rates and alert fatigue by tuning correlation rules, refining thresholds, and applying risk-based alerting techniques.
• Support incident response by building investigation queries, producing timeline reconstructions, preserving evidence, and contributing artifacts to initial incident reports within one hour of confirmation and final reports within seventy-two hours.
• Author and maintain Engineering Design Documents, Standard Operating Procedures, runbooks, and configuration guides for the SIEM environment, and review them on the cadence required by the SOC CONOPS.
• Partner with the Security Architect and engineering leads to align SIEM design with Zero Trust principles, the client's Technology Standards, and the agency's broader cybersecurity reference architecture.
• Manage SIEM-related changes through the client's change control process, including impact assessments, back-out plans, and presentations to the Engineering Review Board and Change Control Board.
• Provide knowledge transfer and informal training to SOC analysts, engineers, and system owners on SIEM usage, search development, and dashboard interpretation.
• Apply secure configuration baselines, role-based access controls, and audit logging to the SIEM environment to meet federal compliance requirements.
• Track and report on SIEM-related metrics, including ingest volume by source, detection coverage by MITRE technique, mean time to detect, and platform availability.
• Stay current on SIEM product roadmap items, new applications and add-ons, and emerging detection techniques, and recommend improvements to the client's SIEM strategy.

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to) Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time EmployeesValiant contributes 25% towards Health Coverage for Family and Dependents100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees100% Paid Certifications401K Matching up to 4%Paid Time OffPaid Federal HolidaysWellness & Fitness ProgramValiant University – Online Education and Training PortalFSA programs for: Medical Costs, Dependent Care, Transit, and ParkingReferral Bonuses

Remote Work Policy  

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval. Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

#LI-KW1