Job Description
Insight Global is seeking a Cyber SIEM Content Developer to support a critical mission focused on detecting, analyzing, and responding to cyber threats across a large enterprise environment. This role plays a key part in improving security visibility, reducing false positives, and ensuring early detection of malicious activity through effective SIEM content and automation.
Key responsibilities include:
Analyze defensive cyberspace operations (DCO) events and security logs to identify malicious or suspicious activity
Apply current industry SIEM best practices to improve detection accuracy and performance
Correlate security alerts with enriched log data to help distinguish real attacks from false positives
Monitor and assess security control effectiveness, including identifying unauthorized outbound connections
Develop and maintain SIEM detections and use cases by analyzing log data across the enterprise
Build dashboards and visualizations that highlight adversary behavior and security trends
Create virtual “tripwires” using log data to enable early threat detection
Design, implement, test, and tune SIEM solutions to optimize performance and reliability
Build, test, and validate SIEM rules, filters, and correlation logic
Continuously tune SIEM content to reduce noise from known behavior, false positives, and system errors
Analyze malware threats and develop behavior‑based detections to alert on or prevent malicious activity
Automate SIEM tasks using scripting or programming languages
Create both scheduled and ad‑hoc reports using SIEM tools to support operations and compliance
Develop and maintain SIEM documentation, processes, and knowledge repositories
Track metrics and trends to measure detection effectiveness and improve mission outcomes
Support operational leadership with SIEM content development and reporting needs
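The tripwire, enrichment, correlation and tuning responsibilities listed above, as an added illustration that is not part of the posting or any vendor's SIEM: a small Python detection pass over constructed JSON log lines. It shows a honeytoken tripwire rule, an asset-enriched "unauthorized outbound" rule, a known-behavior suppression list that tunes out an expected flow, a threshold rule over a batch, and a parser that counts rather than dies on a malformed line. The event schema, asset inventory, decoy names, allowlist entry and threshold are all assumptions chosen for the example.

```python
"""Toy SIEM content run over constructed log lines: a honeytoken tripwire,
an asset-enriched unauthorized-outbound rule with known-behavior suppression,
and a failed-logon threshold rule. Added illustration; the event schema,
asset table, decoy names and threshold are assumptions, not any vendor's."""
import json
from collections import defaultdict

# Constructed JSON-lines events (not real telemetry). One line is deliberately malformed.
SAMPLE_LOG_LINES = [
    r'{"ts":"2024-05-01T10:00:01Z","type":"file_access","host":"10.0.1.20","user":"jdoe","path":"\\\\fs01\\finance\\payroll_2019.xlsx"}',
    r'{"ts":"2024-05-01T10:00:02Z","type":"file_access","host":"10.0.1.20","user":"jdoe","path":"\\\\fs01\\share\\readme.txt"}',
    r'{"ts":"2024-05-01T10:01:00Z","type":"logon","host":"10.0.1.5","user":"svc_backup_legacy","result":"success","src":"10.0.1.20"}',
    r'{"ts":"2024-05-01T10:02:00Z","type":"netflow","src":"10.0.1.5","dst":"203.0.113.7","dport":443,"user":"SYSTEM"}',
    r'{"ts":"2024-05-01T10:02:30Z","type":"netflow","src":"10.0.1.5","dst":"198.51.100.10","dport":8530,"user":"SYSTEM"}',
    r'{"ts":"2024-05-01T10:03:00Z","type":"netflow","src":"10.0.1.20","dst":"203.0.113.9","dport":443,"user":"jdoe"}',
    'this line is not JSON and must not crash the pipeline',
] + [json.dumps({"ts": f"2024-05-01T10:05:{i:02d}Z", "type": "logon", "host": "10.0.1.5",
                 "user": "admin", "result": "failure", "src": "10.0.1.20"}) for i in range(6)]

# Enrichment source: an assumed asset inventory keyed by IP.
ASSETS = {
    "10.0.1.5":  {"name": "dc01", "role": "domain_controller", "egress_allowed": False},
    "10.0.1.20": {"name": "ws-jdoe", "role": "workstation", "egress_allowed": True},
}
# Tripwires: decoy objects no legitimate process should ever touch (assumed names).
HONEYTOKEN_PATHS = {r"\\fs01\finance\payroll_2019.xlsx".lower()}
DECOY_ACCOUNTS = {"svc_backup_legacy"}
# Tuning: (rule, src, dst) known behavior, e.g. dc01 pulling updates from an internal WSUS relay.
KNOWN_BEHAVIOR = {("unauthorized_outbound", "10.0.1.5", "198.51.100.10")}
FAILED_LOGON_THRESHOLD = 5

def parse_events(lines):
    """Parse JSON lines; malformed lines are counted and skipped, never fatal."""
    events, dropped = [], 0
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            dropped += 1
    return events, dropped

def enrich(event):
    """Attach asset context so rules can reason about role and egress policy."""
    key = event.get("host") or event.get("src")
    unknown = {"name": "unknown", "role": "unknown", "egress_allowed": True}
    return {**event, "asset": ASSETS.get(key, unknown)}

def alert(rule, severity, ev, detail):
    return {"rule": rule, "severity": severity, "asset": ev["asset"]["name"], "user": ev.get("user"),
            "src": ev.get("src"), "dst": ev.get("dst"), "detail": detail}

def rule_tripwire(ev):
    """Any touch of a honeytoken file or decoy account is high-confidence by construction."""
    if ev.get("type") == "file_access" and ev.get("path", "").lower() in HONEYTOKEN_PATHS:
        return alert("tripwire_honeytoken_file", "high", ev, f"honeytoken read: {ev['path']}")
    if ev.get("type") == "logon" and ev.get("result") == "success" and ev.get("user") in DECOY_ACCOUNTS:
        return alert("tripwire_decoy_account", "high", ev, "decoy account authenticated")
    return None

def rule_unauthorized_outbound(ev):
    """Flag egress from assets whose inventory entry says they must not talk out."""
    if ev.get("type") == "netflow" and not ev["asset"]["egress_allowed"]:
        return alert("unauthorized_outbound", "medium", ev,
                     f"{ev['asset']['role']} {ev['src']} -> {ev['dst']}:{ev.get('dport')}")
    return None

def rule_failed_logon_burst(events, threshold=FAILED_LOGON_THRESHOLD):
    """Threshold rule over the batch: repeated failures per (user, target host)."""
    counts, sample = defaultdict(int), {}
    for ev in events:
        if ev.get("type") == "logon" and ev.get("result") == "failure":
            key = (ev.get("user"), ev.get("host"))
            counts[key] += 1
            sample[key] = ev
    return [alert("failed_logon_burst", "medium", sample[k], f"{n} failures for {k[0]} on {k[1]}")
            for k, n in counts.items() if n >= threshold]

def is_known_behavior(a):
    return (a["rule"], a["src"], a["dst"]) in KNOWN_BEHAVIOR

def run_detections(lines):
    """Parse, enrich, evaluate per-event and batch rules, then apply tuning suppressions."""
    raw, dropped = parse_events(lines)
    events = [enrich(ev) for ev in raw]
    candidates = [a for ev in events for rule in (rule_tripwire, rule_unauthorized_outbound)
                  if (a := rule(ev))]
    candidates.extend(rule_failed_logon_burst(events))
    alerts = [a for a in candidates if not is_known_behavior(a)]
    return {"alerts": alerts, "suppressed": len(candidates) - len(alerts), "dropped_lines": dropped}

if __name__ == "__main__":
    for a in run_detections(SAMPLE_LOG_LINES)["alerts"]:
        print(a["severity"].upper(), a["rule"], a["asset"], a["user"], a["detail"])
```

The suppression list is keyed on the rule name plus the flow endpoints rather than on the host alone, so tuning out one expected WSUS pull does not silence the same domain controller talking to an arbitrary external address; that is the difference between reducing noise from known behavior and blinding the rule.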
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
* Active TS/SCI clearance
* GMLE (GIAC Machine Learning Engineer) certification or a degree in Computer Science; BA/BS or MA/MS
* More than five (5) years with SIEM technology such as ArcSight, Splunk, and/or ELK, including, but not limited to, log handling, reports, filters, and rule creation
* More than three (3) years of experience with network traffic analysis, ports, and protocols
* SANS GCDA or equivalent certification(s)
* Extensive knowledge of IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., Air Force, Navy, Army, DC3, DISA)
* Extensive knowledge of the MITRE ATT&CK framework and its uses within the cybersecurity community (e.g., open source projects)
* More than one (1) year of experience with Security Orchestration, Automation, and Response (SOAR) platforms such as Phantom and/or Demisto
* Proficient in Python and PowerShell
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.