Location: Huntsville, AL, USA
Pay Type: Salary
Benefits: Extensive Benefit Options Available
Employment Type: Full Time

Overview:
Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and 8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Shalimar, FL; and Tupelo, MS.

Mission:

Quantum is searching for a motivated SIEM Engineer. In this role, the SIEM Engineer will be immersed in the day-to-day operations in support of NCSOC and clients in Huntsville, AL. The SIEM Engineer will use their experience and observations to initiate, develop, design, implement and test data-focused security intelligence solutions. Ultimately, the goal of this role is to enhance monitoring and incident response capabilities using the Splunk/Elastic applications. The SIEM Engineer should have a strong understanding of optimal SIEM operation and data source requirements, and should demonstrate a clear understanding of security operations, incident handling, practical networking, systems administration, firewall management, and general information technology concepts.

Responsibilities:

The engineer is responsible for monitoring, configuration changes, accounts, managing log sources, and software updates for the client SIEM solution. The engineer must be able to analyze, troubleshoot, and remediate issues with the SIEM.

  • Will work closely with other teams to ensure that the SIEM is performing to standard with all necessary logging sources.
  • Analyzing, designing, developing, and delivering solutions to stop adversaries
  • Identifying threats
  • Incident response
  • Risk reviews
  • Vulnerability management
  • Event monitoring, including log management and SIEM
  • Defining how logs should be parsed
  • Writing new correlation rules
  • Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities
  • Writing custom active lists, queries, and rules
  • Care and content of SIEM platforms
  • Developing custom content based on threat intelligence
  • Ensure SIEM technologies are integrated & utilized to protect cyber related assets
  • You will help to implement the Splunk/Elastic based Security Information and Event Management System (SIEM) within the Cyber Program, in terms of strategy and content.
  • Onboarding of new clients into the SIEM.
  • Optimization of the integration of security and system relevant data according to requirements.
  • Risk assessment of the operator organizations and the SOC.
  • Optimization and strategic development of the Security Information and Event Management System (SIEM) in terms of content and usability.
  • Integration of the integrated data into existing use cases.
  • Create dashboards, new use cases and reporting templates based on requirements of operational and strategic bodies within the Cyber Program.
  • Maintenance and tuning of log sources, data contents and use cases.
  • Support in the operation of the comprehensive SIEM platform.
  • You support the stakeholders in terms of know-how and the technologies used.

Required Qualifications:

  • Bachelor's degree in Computer Science or Information Systems or other technically relevant degree; 2 to 4 years of direct SIEM experience may be accepted in lieu of a Bachelor's degree
  • 2-4 years of experience with information security operations, data analysis, and/or related IT operational functions
  • Proven ability to support large scale Splunk/Elastic or similar event logging solutions (ArcSight, QRadar, LogRhythm, ESM, etc.)
  • Expertise in application monitoring and event log management
  • Extensive experience creating alerts, dashboards, and reports
  • Demonstrates the ability to extract meaningful events from operating system, database, application, and security platform data
  • Understanding of Unix/Linux and Windows operating systems
  • Demonstrable expert knowledge of Splunk/Elastic Best Practices, Security Operations, Workflows and Processes
  • Demonstrable experience creating, designing and maintaining tools written in at least one major language: Python, Ruby, Java, Perl, etc.
  • Experience working with APIs and custom scripting solutions to solve unique institutional problems
  • Excellent written and verbal communication skills are required
  • Teamwork and collaboration skills
  • Ability to communicate effectively with business representatives in explaining impacts and strategies when necessary
  • Familiarity/training in one or more of: Splunk Enterprise, Splunk Enterprise Security, Threat Intelligence, Intrusion Detection or Response, Security Monitoring
  • A plus: Elastic, ArcSight, QRadar
  • Ability to obtain and maintain a DoD clearance if/when applicable; a current active clearance is preferred

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Quantum Research International, Inc.