
SIEM Administrator / Security Monitoring Engineer

Akima, Alexandria, VA, United States


Tuvli is seeking a highly motivated, self‑directed, and experienced individual to fill the role of SIEM Administrator / Security Monitoring Engineer for our existing government client in Alexandria, VA. To join our team of outstanding professionals, apply today!

The SIEM Administrator / Security Monitoring Engineer is responsible for the deployment, configuration, administration, and optimization of enterprise Security Information and Event Management (SIEM) and security monitoring platforms in secure and air-gapped environments. This role focuses on designing and maintaining security monitoring solutions, with primary experience in Elastic Stack and Splunk, while supporting other security analytics, log management, and monitoring technologies as required. The position requires expertise in both platform engineering and operational configuration, including backend system administration, data ingestion pipelines, and front‑end configuration such as dashboards, alerts, visualizations, and reporting used by cybersecurity analysts and Security Operations Centers (SOC).

Responsibilities

Design, deploy, and administer enterprise SIEM platforms (e.g., Elastic Stack, Splunk), including scalable architecture, clustering, high availability, secure configuration (RBAC, authentication), and full lifecycle management in both connected and air‑gapped environments.

Manage SIEM operations in isolated networks by handling offline installations, dependency management, secure update ingestion (patches, plugins, threat intelligence), and enforcing system hardening and compliance requirements.

Architect and maintain enterprise log ingestion pipelines by integrating diverse data sources (OS, network, security, identity systems), and implementing parsing, normalization, enrichment, and throughput optimization.

Develop and tune detection logic, correlation rules, and alerting workflows aligned to frameworks such as MITRE ATT&CK, improving detection fidelity and reducing false positives while supporting threat hunting and investigations.

Monitor and optimize platform performance through health monitoring, query and indexing optimization, storage and retention strategies, and capacity planning for scalable growth.

Create dashboards, visualizations, and automated reporting to support SOC operations and leadership, while collaborating with analysts to enhance workflows and integrating new tools and data sources.

Maintain comprehensive documentation, including system architecture, ingestion processes, SOPs, and audit/compliance artifacts.

Qualifications

Experience supporting a Security Operations Center (SOC) environment.

Experience with multiple SIEM or security analytics platforms preferred.

Familiarity with threat detection methodologies and adversary frameworks.

Experience with infrastructure automation or configuration management preferred.

Professional certifications such as:

Splunk Certified Administrator.

Elastic Certified Engineer.

CISSP or equivalent cybersecurity certification.

Advanced troubleshooting and analytical problem solving.

Strong written documentation and process development.

Collaboration with cybersecurity operations and infrastructure teams.

Continuous improvement of enterprise security monitoring capabilities.

Clearance: Minimum DoD Interim Secret Clearance is required.

Candidate must reside within 50 miles of the National Capital Region (NCR) / Washington, DC.

Job ID
2026-21699

Work Type
Hybrid
