SIEM Solutions Engineer

Peraton is seeking an experienced SIEM Solutions Engineer to join our team of qualified and diverse individuals supporting the Department of Homeland Security DCCO program. This role supports a mission critical environment focused on enterprise cybersecurity operations, monitoring, and defensive cyber capabilities across complex federal IT systems.

The SIEM solutions engineer will be responsible for maintaining and operating SIEM products, primarily Splunk, ensuring they are collecting logs from their various sources, and ensuring the SOC is able to monitor the logs.

This position is remote. 

Day to Day Roles and Responsibilities:

• Ensuring the DC1 Splunk infrastructure (applications and servers) and operational.
• Apply Splunk security updates and patches as required to maintain operational capability and security compliance.
• Ensure log sources from new systems, applications, hosts and databases and forwarded to Splunk.
• Ensure the log sources are being provided in a view required by end users (SOC analysts and ISSO’s).

Basic Qualifications:

• Bachelor’s degree with 5+ years of related experience, Master’s degree with 3+ years of experience, Associate’s degree with 7+ years of experience, or High School diploma/equivalent with 9+ years of related experience.
• U.S. Citizenship required with the ability to obtain and maintain a Public Trust / DHS Entrance on Duty (EOD) clearance. Employment is contingent upon successfully obtaining and maintaining DHS EOD suitability.
• 2+ years of hands on experience supporting, configuring, or administering Splunk Enterprise in an enterprise environment.
• Comprehensive understanding of core Splunk architecture and components, including Universal Forwarders (UFs), Indexers, Search Heads, data pipelines, and log ingestion methodologies.
• Experience configuring and managing log ingestion into Splunk from a variety of enterprise sources, including system, application, network, and security logs.
• Experience developing dashboards, reports, alerts, and end user visualizations to support operational monitoring, reporting, and analytics.
• Experience troubleshooting Splunk performance, ingestion, indexing, and search related issues.
• Strong understanding of enterprise monitoring, observability, log aggregation, and security/event monitoring concepts.

Preferred Qualifications:

• Prior experience supporting DHS environments or federal government programs utilizing Splunk is highly desired.
• Experience supporting cybersecurity, SOC, NOC, SIEM, or operational monitoring environments preferred.
• Familiarity with scripting or automation tools such as PowerShell, Python, or Bash preferred.
• Relevant certifications such as CompTIA Security+, CEH, GCIA, GCIH, CISSP, or similar cybersecurity certifications preferred.
• Splunk Core Certified Power User or Splunk Enterprise Certified Admin certification