Midlevel Cybersecurity SIEM Monitoring Analyst

General information

Description & Requirements

ManTech seeks a motivated, career and customer-oriented MidlevelCybersecurity SIEM Monitoring Analyst to join our team in the DC, Maryland, and Virginia (DMV) area.

The ideal candidate will be an expert in Security Information and Event Management (SIEM) systems, responsible for designing, implementing, and maintaining SIEM solutions to protect DHS's networks and information systems from cyber threats and configures tools, settings, alerts, and notifications to improve the enterprise security and resilience capabilities, including implementation of Security Orchestration and Automation for Response (SOAR) capabilities. The specialist contributes to and executes the design, development, and implementation of the NOSC's enterprise attack sensing and warning (AS&W) security program, providing monitoring and analysis (M&A) capabilities for the enterprise security program. You will develop and implement the enterprise Security Information and Event Monitoring (SIEM) strategy and tool implementation via Splunk, designing data flow diagrams and alert feed architectures to ensure seamless alert integration and monitors security queues and tool alerts to identify issues in advance. Additionally, you will participate in response activities to all major enterprise outages.

Responsibilities include, but are not limited to:

• Develop and implement the enterprise Security Information and Event Monitoring (SIEM) strategy and tool implementation via Splunk, design data flow diagrams and alert feed architectures to ensure seamless alert integration
• Develop and maintain SIEM architecture, including data sources, log management, and alerting mechanisms
• Configure tools, settings, alerts, and notifications to improve the enterprise security and resilience capabilities, including implementation of Security Orchestration and Automation for Response (SOAR) capabilities; develops content for, e.g., rule implementation on network border devices (firewalls, routers, switches, IDS/IPS, Taclanes, etc.).
• Develop content for rule implementation on network border devices (firewalls, routers, switches, IDS/IPS, Taclanes, etc.)
• Monitor security events and alerts, conducting detailed analysis to identify potential security incidents; participates in response activities to all major enterprise outages
• Collaborate with incident response teams to investigate and remediate security incidents.
• Perform regular system health checks, maintenance, and upgrades to ensure SIEM performance and reliability

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• 3+ years of experience in cybersecurity with a focus on SIEM engineering and operations
• Proficiency with SIEM platforms (e.g., Splunk, Swimlane, ArcSight, QRadar, LogRhythm)
• Strong understanding of network protocols, system logs, and security event correlation
• Experience in developing and tuning SIEM use cases, correlation rules, and alerts
• Relevant certifications such as CISSP, CISM, CEH, or SIEM-specific certifications (e.g., Splunk Certified Power User) are highly desirable

Preferred Qualifications:

• Previous Network Operations Center (NOC) or IT Operations experience
• Familiarity with DHS policies and procedures.
• Knowledge of broader cybersecurity frameworks (e.g., NIST, ISO 27001).
• Understanding of ITIL4 principles
• Master’s Degree

Clearance Requirements:

• Must have a current/active Secret clearance with the ability to obtain and maintain a TS/SCI.
• The ability to obtain and maintain a DHS EOD suitability is required prior to starting this position.

Physical Requirements:

• Must be able to remain in a stationary position 50%
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer
• The person in this position needs to occasionally move about inside the office to access file cabinets, office machinery, etc.