SIEM Administrator / Security Monitoring Engineer

Tuvli is seeking a highly motivated, self-directed and experienced individual to fill the role of a SIEM Administrator/Security Monitoring Engineer for our existing government client in the Alexandria, VA. To join our team of outstanding professionals, apply today!

The SIEM Administrator / Security Monitoring Engineer is responsible for the deployment, configuration, administration, and optimization of enterprise Security Information and Event Management (SIEM) and security monitoring platforms in secure and air-gapped environments.

This role focuses on designing and maintaining security monitoring solutions, with primary experience in Elastic Stack and Splunk, while supporting other security analytics, log management, and monitoring technologies as required.

The position requires expertise in both platform engineering and operational configuration, including backend system administration, data ingestion pipelines, and front-end configuration such as dashboards, alerts, visualizations, and reporting used by cybersecurity analysts and Security Operations Centers (SOC).


Responsibilities

• Design, deploy, and administer enterprise SIEM platforms (e.g., Elastic Stack, Splunk), including scalable architecture, clustering, high availability, secure configuration (RBAC, authentication), and full lifecycle management in both connected and air-gapped environments.
• Manage SIEM operations in isolated networks by handling offline installations, dependency management, secure update ingestion (patches, plugins, threat intelligence), and enforcing system hardening and compliance requirements.
• Architect and maintain enterprise log ingestion pipelines by integrating diverse data sources (OS, network, security, identity systems), and implementing parsing, normalization, enrichment, and throughput optimization.
• Develop and tune detection logic, correlation rules, and alerting workflows aligned to frameworks such as MITRE ATT&CK, improving detection fidelity and reducing false positives while supporting threat hunting and investigations.
• Monitor and optimize platform performance through health monitoring, query and indexing optimization, storage and retention strategies, and capacity planning for scalable growth.
• Create dashboards, visualizations, and automated reporting to support SOC operations and leadership, while collaborating with analysts to enhance workflows and integrating new tools and data sources.
• Maintain comprehensive documentation, including system architecture, ingestion processes, SOPs, and audit/compliance artifacts.

Qualifications

• Experience supporting a Security Operations Center (SOC) environment.
• Experience with multiple SIEM or security analytics platforms preferred.
• Familiarity with threat detection methodologies and adversary frameworks.
• Experience with infrastructure automation or configuration management preferred.
• Professional certifications such as:
  • Splunk Certified Administrator.
  • Elastic Certified Engineer.
  • CISSP or equivalent cybersecurity certification.
• Advanced troubleshooting and analytical problem solving.
• Strong written documentation and process development.
• Collaboration with cybersecurity operations and infrastructure teams.
• Continuous improvement of enterprise security monitoring capabilities.
• Clearance: Minimum DoD Interim Secret Clearance is required.
• Candidate must reside within 50 miles of the Nation Capital Region (NCR)/ Washington DC.

Job ID

2026-21699
Work Type

Hybrid
Pay Range

105K to 130K
Benefits

Regular - The company offers a comprehensive benefits program, including medical, dental, vision, life insurance, 401(k) and a range of other voluntary benefits. Paid Time Off (PTO) is offered to regular full-time and part-time employees.
Company Description

Work Where it Matters

Tuvli, an Akima company, is not just another federal IT contractor. As an Alaska Native Corporation (ANC), our mission and purpose extend beyond our exciting federal projects as we support our shareholder communities in Alaska.

At Tuvli, the work you do every day makes a difference in the lives of our 15,000 Iñupiat shareholders, a group of Alaska natives from one of the most remote and harshest environments in the United States.

For our shareholders, Tuvli provides support and employment opportunities and contributes to the survival of a culture that has thrived above the Arctic Circle for more than 10,000 years.

For our government customers, Tuvli ensures that solutions are strictly aligned with agency processes and desired program outcomes while delivering the best value for technology investments.

As a Tuvli employee, you will be surrounded by a challenging, yet supportive work environment that is committed to innovation and diversity, two of our most important values. You will also have access to our comprehensive benefits and competitive pay in addition to growth opportunities and excellent retirement options.