Position Overview

We are seeking a highly skilled Senior Security Engineer to support a federal client’s Virtual Security Operations Center (vSOC). This role serves as the primary onsite technical lead, responsible for ensuring effective security monitoring, detection engineering, and coordination with internal stakeholders.

The selected candidate will work in a hybrid capacity, providing onsite support 2–3 days per week, with additional presence required during security incidents or elevated operational demand.

Key Responsibilities

• Review and validate Microsoft Sentinel log ingestion, data pipelines, and monitoring coverage
• Develop, validate, and tune detection use cases aligned with threat intelligence and best practices
• Identify telemetry gaps, ingestion failures, and monitoring blind spots
• Coordinate with internal teams to support incident response and remediation activities
• Support vulnerability prioritization and validate patch governance processes
• Validate and optimize log routing, normalization, and ingestion pipelines (e.g., Cribl or similar tools)
• Provide onsite technical support during active security incidents
• Ensure alignment with Zero Trust principles and enterprise security architecture

Required Qualifications

• 7+ years of experience in cybersecurity, SOC operations, or security engineering
• Hands-on experience with:
• Microsoft Sentinel (SIEM)
• Microsoft Defender for Endpoint (Windows & macOS)
• Microsoft Defender for Identity
• AWS log ingestion and cloud telemetry
• Strong understanding of:
• SIEM architecture and log management
• Threat detection and incident response workflows
• Log normalization and data correlation
• Experience identifying and resolving log ingestion and telemetry issues
• Ability to work onsite and collaborate directly with stakeholders

Preferred Qualifications

• Experience supporting federal or regulated environments (CUI, PII, FTI, PHI)
• Familiarity with NIST frameworks (800-53, 800-61, 800-171)
• Experience with tools such as Cribl or similar log pipeline technologies
• Relevant certifications (preferred):
• Microsoft Security Certifications (e.g., SC-200, SC-300)
• CISSP, CEH, GCIA, or equivalent

Education

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field or equivalent work experience

Clearance / Eligibility

• No active clearance required
• Must be eligible to obtain and maintain a federal background investigation and onsite access approval

Work Model

• Hybrid role: 2–3 days onsite per week in Washington, DC
• Additional onsite presence required during security incidents or high-priority events
• Works in coordination with a 24 x 7 remote SOC team