Security Operations Engineer - SIEM

Piper Companies is seeking an Security Operations Engineer - SIEM to join a security operations company providing a comprehensive suite of security operations solutions. This engineer will provide engineering, deployment, and operational support for Microsoft Defender for Endpoint within a Federal customer's cloud and hybrid environments. This role is Hybrid in Washington, DC.

Responsibilities of the Security Operations Engineer - SIEM include:

• Configure and optimize Microsoft Sentinel and other log aggregation platforms
• Tune detection rules, create dashboards, and write custom queries (e.g., KQL)
• Support threat intelligence feed ingestion and enrichment
• Collaborate with ZTA and IR teams on triage and analysis
• Maintain uptime, health, and performance of the SIEM environment
• Log Management: Review of ingestion and normalization of logs, ability to ingest and analyze all common log formats, consulting on log storage method and pricing tier, and consulting on cost management recommendations for log pricing
• Sentinel: Sentinel management with regularly updated baseline and continuous deployment of updated rules
• Threat Intelligence: Disburse threat intelligence to key employees and ability to share hardening recommendations and update baseline from lessons learned across full client base
• Staff support: Educational development – ability to leverage Microsoft partnership and team’s technical knowledge to hold workshops and training on Azure and M365 Cloud Services 
• Continuous Improvement: Review of Architecture to look for gaps in cybersecurity solution and drive efficiencies in logging and log storage
• Program Management Support
• Automated Response support
• 24x7x365 monitoring of security events
• Incident Handling support

Qualifications of the Security Operations Engineer - SIEM include:

• 5+ Years of total Security Engineering experience
• 3+ years supporting SIEM platforms (Microsoft Sentinel preferred) in GCC/GCC-H or federal environments
• Proficiency in log parsing, rule creation, alert tuning, and SIEM maintenance
• Familiarity with incident response workflows and SOAR integrations
• Experience with security tools such as Trellix, RSA NetWitness, Zscaler, or Rapid7 a plus
• Strong analytical and documentation skills

Salary of the Security Operations Engineer - SIEM include:

• Salary: $140,000 - $160,000
• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed , Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment) , Group Term Life, Short-Term Disability, Long-Term Disability , Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness, Participation in the Discretionary Time Off (DTO) Program,11 Paid Holidays Annually 

Keywords: #LI-RL1 #LI-Remote 

SIEM, SOAR, XSOAR, Detection, Automation, scripting, ingestion, rules, alerts, IR, security automation orchestration and response, Defender, Sentinel one, Splunk, Migrate, Migration, implement, implementation, logs, rules, alerts, query, dashboards, Endpoint, EDR, Defender, DFe, detection, threat managmenet, intelligence