TS/SCI SIEM Cyber Security Engineer

Insight Global is seeking a SIEM Cyber Security Engineer to support a critical mission focused on detecting, analyzing, and responding to cyber threats across a large enterprise environment. This role plays a key part in improving security visibility, reducing false positives, and ensuring early detection of malicious activity through effective SIEM content and automation. Key responsibilities include:
• Analyze cyber defense (DCO) events and security logs to identify malicious or suspicious activity
• Apply current industry SIEM best practices to improve detection accuracy and overall performance
• Correlate security alerts with enriched log data to distinguish legitimate threats from false positives
• Monitor and assess the effectiveness of security controls, including identifying unauthorized outbound connections
• Develop and maintain SIEM detections and use cases through enterprise‑wide log analysis
• Build dashboards and visualizations that highlight adversary behavior and security trends
• Create virtual “tripwires” using log data to enable early threat detection
• Design, implement, test, and tune SIEM solutions to optimize performance and reliability
• Build, test, and validate SIEM rules, filters, and correlation logic
• Continuously tune SIEM content to reduce noise caused by known behavior, false positives, and system errors
• Analyze malware threats and develop behavior‑based detections to alert on or prevent malicious activity
• Automate SIEM tasks using scripting or programming languages
• Create scheduled and ad‑hoc reports using SIEM tools to support operational and compliance needs
• Develop and maintain SIEM documentation, processes, and knowledge repositories
• Track metrics and trends to measure detection effectiveness and improve mission outcomes
• Support operational leadership with SIEM content development and reporting needs

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• Active Top-Secret SCI (TS/SCI) security clearance
• Active GIAC Machine Learning Engineer (GMLE) certification or a bachelor's degree in computer science
• 2-3+ years of experience using SIEM technology (ArcSight, Splunk, and/or ELK) for log handling, reports, filters, rule creation, etc.
• 2-3+ years of network traffic analysis experience (understanding protocols and identifying ports)

• Experience with DoD (Air Force, Navy, Army, etc.) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
• Experience with MITRE ATT&CK framework
• Experience with Security, Orchestration, Automation, and Response (SOAR) platforms such as Phantom or Demisto
• Experience with Python and PowerShell

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.