Senior Security Operations Center Engineer - Security Tooling

Everforth ECS is seeking a Senior Security Operations Center Engineer - Security Tooling to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts. Responsibilities Provides advanced engineering support for enterprise cyber defense operations by designing, integrating, and sustaining security operations tooling across classified and unclassified environments. Architects, configures, and optimizes Security Information and Event Management platforms such as Splunk and Elastic to ingest, normalize, and correlate high-volume log data from network, endpoint, cloud, and application sources. Engineers security orchestration and automation workflows using SOAR platforms to accelerate detection, triage, containment, and response actions in alignment with Cyber Incident Handling Program guidance. Develops and tunes correlation rules, analytics queries, and threat detection logic to improve signal fidelity, reduce false positives, and increase adversary visibility. Integrates threat intelligence feeds, endpoint security platforms, vulnerability scanners, and cloud security tools to enable end-to-end situational awareness. Designs and maintains operational dashboards supporting SOC leadership decision-making, incident prioritization, and mission risk visibility. Supports continuous monitoring by maintaining tool health, data pipelines, and performance baselines while coordinating maintenance windows and upgrades. Collaborates with SOC analysts, incident responders, vulnerability management teams, and system engineers to translate operational requirements into scalable technical solutions. Produces automation artifacts, integration documentation, and operational metrics supporting readiness reporting, response efficiency, and sustained cyber defense effectiveness in support of mission assurance and information advantage. Performs other duties as assigned. Required Skills Current Secret security clearance. A minimum of 10 years of experience in cybersecurity engineering, security operations, or a closely related discipline, with demonstrated expertise in enterprise security tooling design and integration in a federal, defense, or intelligence community environment. Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC. Hands‑on experience architecting, configuring, and administering enterprise SIEM platforms, specifically Splunk or Elastic, including log ingestion pipelines, normalization, correlation rule development, and detection tuning across multi‑source, high‑volume environments. Demonstrated experience engineering SOAR‑based automation workflows for detection, triage, containment, and incident response operations, with the ability to design and maintain integration pipelines connecting security tooling across endpoint, network, cloud, and application layers. Strong problem‑solving and decision‑making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution. Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end‑users to executive management). Desired Skills Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility. Experience operating security tooling within classified multi‑enclave environments, including NIPRNet, SIPRNet, and JWICS, with familiarity navigating the security constraints and accreditation requirements associated with cross‑domain tool deployment. Familiarity with the DoW Risk Management Framework (RMF), Zero Trust Reference Architecture, and NIST security control implementation as applied to continuous monitoring, Identity and Access Management (IdAM), and cloud security operations across government‑accredited environments. Experience integrating and operationalizing threat intelligence platforms and vulnerability management tools within a SOC environment, including the development of threat detection logic informed by current adversary tactics, techniques, and procedures. Background working within Agile or DevSecOps delivery models, with demonstrated ability to embed security tooling engineering activities into sprint cycles, change management workflows, and pipeline‑driven software delivery processes. ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law. #J-18808-Ljbffr ECS