PD Inc
Cyber Engineer - SIEM Engineer (Sentinel/NetWitness/Trellix)
PD Inc, Washington, District of Columbia, US, 20022
Job Description:
SIEM Engineer (Sentinel/NetWitness/Trellix)
Overview:
PD INC International, as a key support contractor to the Government Publishing Office (GPO), is delivering an enterprise-wide cybersecurity engineering and architecture support initiative. The core objective of this engagement is to design, implement, and oversee the execution of a comprehensive Zero Trust Architecture (ZTA) framework aligned with NIST SP 800-207 and Executive Order 14028. This includes establishing governance, security engineering, and risk mitigation strategies that advance the cybersecurity maturity of GPO's information systems and enterprise security operations. As part of this mission, we are seeking a SIEM Engineer with expert-level experience managing Microsoft Sentinel, Trellix, and NetWitness. This role will provide key support to the GPO Security Operations Center (SOC), focusing on log ingestion, threat intelligence analysis, automation, and 24x7x365 security event monitoring. The SIEM Engineer will directly contribute to operationalizing GPO's cyber defense capabilities by aligning detection logic, analytics, and incident response mechanisms across the enterprise.
The SIEM Engineer will provide on-site and remote support during GPO Shift 1 operational hours (0600 – 1730, Monday through Friday) for 40 hours per week, with the flexibility to support events during Continuity of Operations (COOP), unplanned outages, or exercises. This includes potential relocation to a designated alternate site to maintain SOC services. Work will be assigned through formal Task Orders that define technical objectives and deliverables in accordance with GPO cybersecurity requirements.
Support Scope: The primary objective of this role is to perform SIEM support activities. Responsibilities include development of Task Order Management Plans, cost analysis, project tracking schedules, risk registers, and issue mitigation strategies supporting the GPO SOC. The SIEM Engineer will serve as a subject matter expert on threat analytics and detection strategies, leveraging enterprise-wide data sources and technologies to ensure continuous protection, visibility, and response coverage across the GPO's digital environment.
Key Responsibilities:

Log Management and Ingestion:
- Review log ingestion and normalization for completeness and efficiency
- Support ingestion of all common log formats (syslog, CEF, Windows Events, etc.)
- Provide consultation on log storage methodologies and pricing tier optimization
- Develop cost management recommendations to reduce log storage overhead

Microsoft Sentinel and Rule Management:
- Manage the Microsoft Sentinel baseline, detections, and integrations
- Implement continuous deployment of updated analytics rules and workbooks
- Tune alert thresholds and reduce false positives across endpoints and servers

Threat Intelligence and Awareness:
- Distribute threat intelligence indicators to appropriate security staff
- Maintain a feedback loop with the SOC for continuous baseline hardening
- Leverage industry and Microsoft threat intelligence feeds to enhance detection

Staff Enablement and Training:
- Organize and conduct workshops on Azure and M365 cloud services
- Share best practices and tool knowledge across the IT security division

Architecture Review and Improvement:
- Identify gaps in SIEM coverage and recommend enhancements
- Optimize log sources and refine logging policy for cost and value alignment
- Lead quarterly architecture reviews to assess detection efficacy

Automation and Expert System Integration:
- Deploy expert system workflows to correlate internal and external data
- Automate enrichment of alerts and cases with context and evidence
- Enable precise case resolution and reduce analyst investigation time

Security Event Monitoring (24x7x365):
- Oversee endpoint and server threat detection using Microsoft Defender, Trellix, and Microsoft 365 Defender
- Monitor firewalls, Active Directory user behavior, and server endpoints
- Analyze syslog/CEF data and provide custom alerting based on operational needs
- Maintain monitoring of Microsoft Sentinel instances and tune configurations
- Execute advanced threat hunting and response across all data sources

Incident Handling and SOC Support:
- Deliver incident response guidance and documentation
- Lead recurring operational reviews with SOC leads
- Recommend best practices for incident resolution and future mitigation

Minimum Qualifications:

Education and Certifications:
- Bachelor's degree in Information Security, Computer Science, or a related technical field
- Microsoft Certified: Security Operations Analyst Associate or Sentinel certification preferred

Skills and Competencies:
- Deep familiarity with Microsoft Sentinel, Trellix, NetWitness, syslog, CEF, and automated alert workflows
- Strong scripting and analytical skills (KQL, PowerShell, Python preferred)

Experience:
- Minimum of five (5) years of experience in enterprise SIEM engineering or security operations
- Experience designing and maintaining log pipelines and automating security workflows

Security Clearance:
- Active U.S. security clearance required at time of application

Preferred Certifications:
- CISSP, CCSP, Azure Security Engineer Associate, or equivalent
- Zero Trust Strategist (ZTX, CISA ZT Certified)
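The log-ingestion and custom-alerting duties listed above (normalizing syslog/CEF, writing threshold-based alerts, and tuning out false positives) are the day-to-day substance of this role. As an added illustration, not part of the posting and not GPO, PD INC, Sentinel, Trellix or NetWitness code, here is a small Python example in the scripting language the qualifications name: it parses syslog-wrapped CEF records, honouring the spec's `\|` and `\=` escapes, then runs a sliding-window rule that alerts when one source IP produces five or more failed logons within five minutes. The allowlist of known-noisy sources (a vulnerability scanner, in this example) is the tuning knob that suppresses a false positive without loosening the threshold for everyone else. Every log line, the vendor name, the IP addresses, and signature ID 100 are constructed for the example.

```python
"""Parse syslog-wrapped CEF lines and run a tunable failed-logon burst rule.

Added example; sample data is constructed, not real telemetry.
"""
import re
from collections import defaultdict

# Split on pipes that are not escaped as "\|" (CEF header escaping rule).
_PIPE = re.compile(r"(?<!\\)\|")
# Extension keys: word characters followed by "=" that is not escaped as "\=".
_KEY = re.compile(r"(?<!\\)\b(\w+)=")
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")


def parse_cef(line):
    """Return header fields plus extension key/values as a dict, or None if not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None  # plain syslog or other non-CEF line
    parts = _PIPE.split(line[start + len("CEF:"):], maxsplit=7)
    if len(parts) < 8:
        return None  # truncated header
    record = {k: v.replace("\\|", "|") for k, v in zip(HEADER_FIELDS, parts[:7])}
    ext = parts[7]
    keys = list(_KEY.finditer(ext))
    for i, m in enumerate(keys):
        # A value runs until the next unescaped key; this handles spaces in msg=.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        value = ext[m.end():end].strip()
        record[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return record


def failed_logon_bursts(records, threshold=5, window_seconds=300, allowlist=frozenset()):
    """Alert once per source IP that logs >= threshold failed logons inside the window.

    allowlist holds sources known to generate failures legitimately (for example
    vulnerability scanners); suppressing them is the tuning step that cuts false
    positives without raising the threshold for everyone else.
    """
    by_src = defaultdict(list)
    for r in records:
        if r is None or r.get("signature_id") != "100" or r.get("outcome") != "failure":
            continue
        if r.get("src") in allowlist:
            continue
        by_src[r["src"]].append(int(r["rt"]) // 1000)  # rt is epoch milliseconds
    alerts = []
    for src, times in by_src.items():
        times.sort()
        left = 0
        for right in range(len(times)):
            while times[right] - times[left] > window_seconds:
                left += 1  # slide the window forward
            if right - left + 1 >= threshold:
                alerts.append({"src": src, "count": right - left + 1,
                               "first": times[left], "last": times[right]})
                break
    return alerts


BASE = 1736488800  # constructed epoch seconds (2025-01-10T06:00:00Z)


def _cef(offset, src, user, outcome="failure"):
    """Build one constructed syslog-wrapped CEF line (hypothetical vendor, sig 100)."""
    return (f"<134>Jan 10 06:00:00 fw01 CEF:0|ExampleVendor|Gateway|2.0|100|Failed logon|7|"
            f"rt={(BASE + offset) * 1000} src={src} suser={user} outcome={outcome} "
            f"msg=Invalid password for user")


SAMPLE_LOGS = (
    [_cef(i * 15, "10.0.0.5", "alice") for i in range(6)]         # 6 failures in 75 s
    + [_cef(i * 10, "10.0.0.9", "svc-scan") for i in range(8)]    # scanner, to be allowlisted
    + [_cef(0, "10.0.0.7", "bob"), _cef(600, "10.0.0.7", "bob")]  # 2 failures, 10 min apart
    + [_cef(100, "10.0.0.7", "bob", outcome="success")]
    + ["<134>Jan 10 06:02:00 fw01 plain syslog line, not CEF"]
    # Escaped pipe in the header and escaped "=" in the extension, per the CEF spec.
    + ["CEF:0|ExampleVendor|Gateway|2.0|100|Failed logon \\| auth|7|"
       f"rt={(BASE + 100) * 1000} src=10.0.0.7 suser=eve outcome=failure msg=token\\=expired"]
)


def run(logs=SAMPLE_LOGS, allowlist=frozenset({"10.0.0.9"})):
    """Parse every line and return the alerts the burst rule raises."""
    return failed_logon_bursts([parse_cef(line) for line in logs], allowlist=allowlist)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

With the scanner allowlisted, only 10.0.0.5 raises an alert; remove the allowlist and 10.0.0.9 fires as well, which is exactly the false positive the tuning step is meant to remove. The same shape (normalize, filter on signature and outcome, count per entity in a time window, suppress known-good entities) is what a Sentinel scheduled analytics rule expresses in KQL with `summarize count() by src, bin(TimeGenerated, 5m)`.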
Work Environment: This role operates in a hybrid capacity. Monthly in-person attendance is required for the GPO IT Security All Hands meeting (3rd Tuesday). Candidate must be available during GPO contractor hours and remain responsive during COOP or emergency operations. Ability to relocate temporarily to an alternate GPO location for continuity support is required.
Equal Opportunity Employer: PD INC is an Equal Opportunity Employer and welcomes applicants from all backgrounds, including veterans and individuals with disabilities. We are committed to diversity, equity, and inclusion in every aspect of our workforce.