United States onlySecurity Infrastructure Support SIEM & Data Pipeline Technical Lead / Subject-Matter Expert (SME)
Overview
cFocus Software is seeking a Security Infrastructure Support SIEM & Data Pipeline Technical Lead / Subject-Matter Expert (SME) to design, develop, and maintain advanced data pipelines and SIEM integrations for a federal agency. The Technical Lead/SME will oversee the ingestion, normalization, and correlation of log data from hybrid environments, ensuring comprehensive visibility and compliance with federal cybersecurity frameworks. This role requires extensive experience with SIEM technologies, automation scripting, and data pipeline engineering, as well as the ability to communicate complex data concepts to both technical and executive audiences.This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area. Some telework flexibility may be available depending on mission requirements. Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.
Responsibilities
The SIEM & Data Pipeline Technical Lead / SME shall perform duties that include, but are not limited to:- Lead the design, implementation, and management of SIEM systems and data pipelines supporting hybrid (on-premises and cloud) environments.
- Oversee log ingestion, normalization, enrichment, and correlation to ensure effective security monitoring and incident detection.
- Develop and maintain automation scripts and tools in Python and JavaScript to streamline data routing, filtering, and transformation.
- Design and manage data collection tools and architectures for scalable log management across diverse data sources.
- Leverage experience with log formats (CEF, LEEF, JSON, XML) to implement normalization and data enrichment processes.
- Integrate on-premises and cloud-based systems with SIEM platforms (e.g., Splunk, ArcSight, QRadar, ELK Stack).
- Collaborate with DevOps teams to embed CI/CD pipelines and DevSecOps practices for data processing and security event automation.
- Develop and execute queries using SPL (Splunk Processing Language), SQL, or similar languages for analytics, visualization, and reporting.
- Implement data governance, access controls, and retention policies to ensure compliance with federal frameworks such as FISMA and OMB M-21-31.
- Provide technical leadership in mapping security events and data sources to the MITRE ATT&CK framework for advanced correlation and threat detection.
- Perform troubleshooting and root cause analysis on data ingestion and SIEM integration issues.
- Create and maintain detailed documentation including data dictionaries, architecture diagrams, and Standard Operating Procedures (SOPs).
- Communicate complex technical topics, such as data pipelines and normalization logic, to technical and non-technical stakeholders, including executive audiences.
- Collaborate with third-party vendors and cross-functional teams to improve log visibility, security monitoring, and automation capabilities.
- Mentor junior engineers and analysts on SIEM configuration, data analytics, and best practices in data pipeline management.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
- 10+ years of experience designing, installing, maintaining, and supporting enterprise IT systems.
- 5+ years of experience at the Senior Engineer level or higher.
- 3+ years of specific experience with cybersecurity tools or SIEM implementation and administration.
- Experience managing hybrid infrastructure environments (on-premises and cloud).
- Familiarity with cloud security concepts, services, and operations (AWS, Azure, O365), including migrations, security hardening, and logging services.
- In-depth experience with SIEM solutions, data collection tools, and proficiency with log routing, filtering, and transformation tools.
- Deep understanding of log formats (CEF, LEEF, JSON, XML), log normalization, data enrichment, and event correlation.
- Experience with CI/CD tools and DevOps practices for building reliable and repeatable data pipelines.
- Strong scripting skills in JavaScript and Python for automation and data pipeline development.
- Proficiency in writing complex queries using languages such as SPL (Splunk) or SQL.
- Excellent verbal and written communication skills for explaining complex security and data concepts to technical and non-technical audiences, including executives.
- Understanding of data governance principles and familiarity with the MITRE ATT&CK framework.
- Hands-on experience with federal cybersecurity compliance frameworks (FISMA, NIST SP 800-53, NIST SP 800-92, OMB M-21-31, CDM).
- Strong analytical and problem-solving skills for identifying and resolving data and security issues.
- Experience collaborating with third-party vendors and cross-functional teams.
Preferred Qualifications
- Experience supporting DHS or other federal agencies in SIEM and data pipeline engineering roles.
- Certifications such as Splunk Certified Architect, AWS Certified Security – Specialty, or GIAC Security Essentials (GSEC).
- Experience developing and maintaining log aggregation systems in high-volume enterprise environments.
- Knowledge of event correlation design and custom parsing logic for complex log data sources.
- Experience developing dashboards, analytics, and automated alerts within SIEM platforms.
- Proficiency with containerized or cloud-native SIEM implementations (e.g., Splunk Cloud, ELK Stack, Chronicle).
- Experience developing documentation, risk assessments, and reports for compliance and leadership audiences.
AU, CA + 8 more
