Cybersecurity Operations Specialist -SIEM Services (Evergreen)

Posted 4 Days Ago
Be an Early Applicant
St. Louis, MO, USA
In-Office
128K-173K Annually
Senior level
Aerospace • Information Technology • Professional Services • Security • Software
The Role
Operate, maintain, and improve enterprise SIEM and log aggregation platforms (ArcSight, ElasticSearch, Kibana, Splunk). Onboard assets, develop alerts/playbooks/rules, tune queries, troubleshoot event flow and parsing, and perform engineering, testing, and emergency maintenance to meet 99.99% availability and Intelligence Community standards. Document incidents, use ticketing systems, and support CSOC reporting and integrations. Requires active TS/SCI and relevant DoD 8570 certifications.
Summary Generated by Built In

Type of Requisition:

Pipeline

Clearance Level Must Currently Possess:

Top Secret/SCI

Clearance Level Must Be Able to Obtain:

Top Secret SCI + Polygraph

Public Trust/Other Required:

None

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

Analytics, ArcSight SIEM, ElasticSearch, Kibana

Certifications:

None

Experience:

6 + years of related experience

US Citizenship Required:

Yes

Job Description:

GDIT is seeking a motivated, career- and customer-oriented Cybersecurity Operations Specialist to perform on our Cybersecurity Data Analysis Services team in St. Louis, MO.

The team member shall provide cybersecurity data analysis services, which designs, develops, builds, tests, configures, employs, operates, integrates, sustains, and refreshes the Security Information and Event Management (SIEM) capability (i.e. Enterprise Audit), the long-term analytics platform, the log aggregation platform, the cyber threat intelligence capability, signature development and deployment, and reputation management services. This includes the onboarding of all new and existing IT resources, and ensuring the correct routing of all audit events to mission partners in accordance with Intelligence Community Standard (ICS) 500-27.

Job Duties Include:

  • Provide all preventative and corrective maintenance to ensure consistent, reliable, and secure service availability. This includes all actions required to return the service to full operational capability such as vendor RMA processes, removal and proper disposal of broken equipment/software, installation and testing of new equipment/software, and configuration of new equipment/software
  • Maintain system availability and reliability with a threshold of 99.99%
  • Detect and ticket degradations (volume/velocity) of all SIEM data flows within 60 minutes of the start of the degradation
  • Perform day-to-day maintenance, and specific scheduled maintenance activities that result from manufacturers' recommended service intervals, alerts, bulletins, available patches, and updates according to agency-approved change management processes. This includes maintaining updated documentation, change logs, and service bulletin libraries for all supported equipment and software in the CSOC knowledge management platform
  • Execute emergency maintenance actions with sufficient urgency to preclude unacceptable outage durations, approved by the Government prior to execution, and coordinated through and approved by CSOC and ESC government management
  • Perform all development, engineering, testing, integration, and implementation actions necessary for major vendor revisions
  • Perform continuous engineering assessments to improve the performance, effectiveness, coverage, and maturity of this service.
  • Retain documentation regarding loss of event logs (e.g. June 5-7th DNS logs were not ingested from SBU and are lost)
  • Configure all assets assigned to this service within the Government Furnished Information - Software Tools list in accordance with all Federal, DoD, IC, and NCE laws, directives, orders, policies, guidance, procedures, etc.
  • Perform all development, design, engineering, testing, integration, and implementation actions needed for the total integration and interoperability between all applicable assets in the Government Furnished Information - Software Tools list. This includes ensuring all data flows are properly parsed for ingestion/transmission to internal and external automated reporting systems (e.g. JFHQ DoDIN – Joint Incident Management System, DoD CIO – DoD Scorecard/Get to Green reporting, IC CIO – Cybersecurity Performance Evaluation Model reporting, etc.)
  • Utilize agency approved ticketing systems to document, track, assign, update, and coordinate all engineering, integration, configuration, and maintenance actions
  • Use various monitoring, analysis, and visualization tools to track effectiveness, status, performance metrics, and other information as needed or required by Government staff and contractors assigned Cybersecurity Operations Services and Cybersecurity Readiness Services

Required Skills:

  • SIEM experience with one of the following: ArcSight, ElasticSearch, Splunk, Event Broker, User Behavioral Analysis (UBA)
  • Experience providing support to Cybersecurity Operations Cell (CSOC) in creating alerting rules
  • Create SIEM playbooks
  • Linux (RHEL) Expert (administration and engineering)
  • Proficient in manipulating SIEM filters to better find and analyze potential malicious/atypical activity and reduce false positives
  • Experience with content development within ArcSight and Kibana to facilitate Cyber Analysts' ability to investigate malicious events
  • Creation of ArcSight rules based on use cases of malicious events
  • Tuning and aggregation of queries and filters
  • Skilled in troubleshooting event flow through Enterprise Audit infrastructure
  • Skilled in troubleshooting event format and parsing for ingest into data storage and into SIEM tools
  • Active TS/SCI Clearance
  • DoW 8570.01-M IAT Level II and CSSP Infrastructure Support certifications
  • 6+ years of experience with SIEM and development projects
  • 6+ years of experience with SIEM support for projects and technical exchange meetings
  • 6+ years of experience developing and maintaining enterprise audit projects

Desired Skills:

  • Kibana
  • Data Analytics

The likely salary range for this position is $128,039 - $173,229. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

None

Telecommuting Options:

Onsite

Work Location:

USA MO St. Louis

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

Our Identity Verification Process:

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

About Our Work:

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Skills Required

  • Experience with SIEM (ArcSight, ElasticSearch, Splunk, Event Broker, UBA)
  • 6+ years experience with SIEM and development projects
  • 6+ years experience supporting SIEM projects, technical exchange meetings, and enterprise audit projects
  • Active Top Secret/SCI (TS/SCI) clearance
  • Ability to obtain Top Secret SCI with Polygraph
  • DoD 8570.01-M IAT Level II and CSSP Infrastructure Support certifications
  • Linux (RHEL) expert administration and engineering
  • Experience creating SIEM playbooks and alerting rules for CSOC
  • Content development within ArcSight and Kibana
  • Creation of ArcSight rules based on malicious event use cases
  • Proficiency manipulating SIEM filters to reduce false positives and analyze malicious activity
  • Tuning and aggregation of queries and filters
  • Troubleshooting event flow through Enterprise Audit infrastructure
  • Troubleshooting event format and parsing for ingest into data storage and SIEM tools
  • Maintain system availability, documentation, change logs, and service bulletin libraries
  • Use of agency-approved ticketing systems to document and track engineering and maintenance actions
  • Kibana
  • Data Analytics

General Dynamics Information Technology Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about General Dynamics Information Technology and has not been reviewed or approved by General Dynamics Information Technology.

  • Affordable Benefits Pay and benefits are described as good or okay in multiple places, and the overall package is often portrayed as acceptable even when base pay is not viewed as top-tier.
  • Healthcare Strength Medical, dental, and vision plan options are presented as comprehensive, with additional protections like disability and life insurance contributing to a well-rounded health and protection offering.
  • Retirement Support A 401(k) plan with company match is consistently highlighted as part of the total rewards package, supporting longer-term financial planning.

General Dynamics Information Technology Insights


The Company
HQ: Falls Church, VA
21,625 Employees

What We Do

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
