Senior Security Information and Event Management Engineer

MANTECH seeks a motivated, career and customer-oriented Senior Security Information and Event Management Engineer to join our team in Doral, FL.

Responsibilities include but are not limited to:

• Designing, deploying, maintaining, and upgrading the SIEM infrastructure, which can include components like indexers, forwarders, and data collectors.

• Onboarding new data sources by collecting, parsing, and normalizing logs from various systems like firewalls, servers (Windows, Linux), network devices, and cloud platforms.

• Creating and fine-tuning correlation rules, alerts, dashboards, and reports to detect security threats and provide valuable insights to the security team. This is a critical function to identify anomalies and potential attack patterns.

• Developing scripts (often in Python or PowerShell) to automate tasks, streamline workflows, and enhance the SIEM's capabilities. This includes optimizing search queries and tuning rules to reduce false positives.

• Serving as the subject matter expert for the SIEM platform, troubleshooting, resolving technical issues, and ensuring the continuous flow and quality of data.

• Working closely with SOC analysts, incident response teams, and IT operations to understand their needs, improve detection capabilities, and support investigations.

Minimum Qualifications:

• BA/BS in field necessary to assume Senior Security Information and Event Management Engineer duties or a minimum of 9 years years of relevant experience.

• High School and 4 years of additional experience or Associate's Degree and 2 years of additional experience may be exchanged in lieu of a required Bachelor's degree

• A candidate holding a relevant Master’s degree may be granted 2 years’ experience credit for that extra education. A candidate holding a relevant PhD degree may be granted 4 years’ experience credit for that extra education.

• Hands-on experience with major SIEM solutions including Splunk, Microsoft Sentinel, IBM QRadar, LogRhythm, and Elastic SIEM.

• Proficiency in languages like Python, PowerShell, or Bash is often required for automation, data parsing, and API integration.

Desired Qualifications:

• Certifications are highly valued. Common ones include: CISSP, CISM, GIAC/SANS certifications, and platform-specific credentials from vendors like Splunk, Microsoft, or IBM.

• Experience at a DoD Combatant Command (e.g., SOUTHCOM, NORTHCOM, CENTCOM, CYBERCOM, INDOPACOM, EUCOM, AFRICOM, STRATCOM, TRANSCOM, SOCOM, SPACECOM) or a component is desired.

Clearance Requirements:

• Must have a current/active Top Secret clearance.  Must be able to obtain and maintain SCI access.

Physical Requirements:

• Must be able to remain in a stationary position 50%

• Needs to occasionally move about inside the office to access file cabinets, office machinery, etc.

• Frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations.