What You'll Do

• Oversee day-to-day operations of the SIEM within the organization.
• Design, deploy, and configure cutting-edge SIEM solutions (e.g. Splunk, Microsoft/Azure Sentinel, IBM QRadar) to meet evolving security needs.
• Optimize SIEM processes to ensure efficient and effective log collection and employ event management best practices.
• Support security analysts in enabling threat identification, event detection, and information management.
• Plan, implement, and manage full data lifecycle for Splunk infrastructure (data ingestion, compression, indexing, archiving, etc.).
• Manage correlation rules, filters, alerts, report generation, security content development and delivery, health checks, and performance tuning.
• Perform security assessments, and audits, and ensure regulatory compliance.
• Leverage proficiency in networking concepts, system administration, security fundamentals, and access controls for SIEM deployment and optimization
• Implement effective logging mechanisms and data collection methodologies to support SIEM operations
• Utilize technical knowledge across multiple domains to configure, maintain, and enhance the SIEM solution
• Work with the SIEM team to fine-tune components, analyze complex issues, and provide innovative solutions in the SIEM environment.
• Coordinate with SOC monitoring/detection/analysis teams and incident response teams.
• Provide mentorship and direction to junior team members.

Required Qualifications

• High School + 16 years of relevant experience, or
• AA/AS + 14, years of relevant experience, or
• BA/BS + 12, years of relevant experience, or
• MA/MS + 10, years of relevant experience
• Experience managing and optimizing Splunk architecture components like search heads, indexers, heavy forwarders, universal forwarders, and clusters
• To understand and configure Splunk indexing processes, including hot/warm/cold buckets and data models
• Ability to develop regular expressions (regex) for data parsing and field extractions using props.conf and transforms.conf
• Knowledge to design and implement large-scale data ingestion pipelines via APIs, syslog, and universal forwarders
• Ability to troubleshoot and tune Splunk deployments for performance and stability, leveraging deep Linux systems knowledge
• Experience building advanced data models and pivot interfaces for complex data analysis
• Ability to develop and optimize SIEM content and processes, including managing correlation rules, filters, alerts, and report generation.
• Proficiency in scripting languages (e.g., Python, PowerShell) and automating tasks in a SIEM ecosystem.
• Strong understanding of networking and operating system administration fundamentals.

Certifications (One or more required, or similar certifications in SIEM technology)

• Splunk Cloud Certified Admin
• Splunk Enterprise Certified Admin
• Splunk Enterprise Certified Architect
• Splunk Enterprise Certified Consultant

Security Clearance

• U.S. Citizenship required
• Ability to achieve Public Trust or higher

Preferred Qualifications

• Expertise in integrating diverse threat intelligence feeds for proactive threat detection.
• Familiarity with emerging security technologies and proactive engagement in the field
• Broad familiarity with various security tools beyond SIEM technology.

#LI-LC1

Who You Are

A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.

Intellectually curious with a genuine desire to learn and advance your career.

An effective communicator, both verbally and in writing.

Customer service-oriented and mission-focused.

Critical thinker with excellent problem-solving skills.

If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.