Platform / SIEM Engineer (Senior)

Dark Wolf Solutions is seeking a Senior Platform / SIEM Engineer to support the Unified Platform Cyber Operations & Security Center (COSC) in San Antonio, TX. The Senior Platform / SIEM Engineer will lead efforts to design, deploy, and optimize telemetry pipelines, SIEM configurations, and observability frameworks that provide real-time visibility and threat detection across COSC’s classified and multi-tenant cloud environments. This role requires deep technical expertise in SIEM engineering, data ingestion pipelines, cloud observability, and operational monitoring at scale.

Key Responsibilities

• Architect and implement telemetry collection pipelines across cloud, platform, application, and network layers.
• Design, configure, and maintain SIEM platforms (Elastic Stack, LogRhythm, or Splunk) for multi-tenant, classified environments.
• Develop and maintain parsing rules, normalization logic, alerting content, and correlation workflows within the SIEM.
• Build and maintain observability dashboards to visualize platform health, performance metrics, and security telemetry.
• Ensure telemetry ingestion pipelines are resilient, scalable, and aligned with data retention and compliance requirements.
• Support tuning of detection content to reduce false positives and enhance signal fidelity across COSC environments.
• Collaborate with Cloud Engineers, Security Analysts, and SREs to ensure complete visibility across mission systems.
• Lead integration of logging and telemetry from Kubernetes clusters, containerized applications, cloud-native services, and SaaS platforms.
• Support SIEM platform upgrades, scaling, and performance optimization efforts.
• Align telemetry engineering with NIST 800-53 controls, RMF requirements, and DoD cybersecurity standards.
• Mentor mid-level and junior engineers on telemetry engineering best practices and SIEM administration.

Basic Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related technical field, or equivalent industry experience.
• Minimum of 6–8 years of experience in SIEM engineering, platform monitoring, or cybersecurity operations.
• Hands-on experience architecting and maintaining enterprise-grade SIEM solutions (Elastic Stack, LogRhythm, Splunk).
• Strong expertise in data normalization, parsing, enrichment, and correlation rule development.
• Experience managing cloud-native telemetry collection from AWS, Azure, Kubernetes, and containerized environments.
• Familiarity with security detection frameworks such as Sigma rules, MITRE ATT&CK, and threat hunting methodologies.
• Strong scripting skills (Python, Bash, PowerShell) for telemetry transformation and SIEM automation.
• Understanding of NIST cybersecurity frameworks, DoD RMF, and STIG compliance requirements.
• US Citizenship required with an active Secret clearance and eligibility for Top Secret/SCI.

Desired Qualifications

• Certifications such as Elastic Certified Engineer, Splunk Certified Architect, or GIAC GMON.
• Experience designing observability architectures supporting both mission health and cybersecurity detection.
• Experience implementing log pipelines using Fluentd, Beats, Logstash, or similar agents.
• Familiarity with security orchestration, automation, and response (SOAR) integrations.
• Experience supporting Department of Defense or Intelligence Community cybersecurity operations.

The estimated salary range is $145,000.00 - $180,000.00, commensurate on experience, technical expertise, certifications, and clearance level.

Primary work location is San Antonio, TX. Hybrid model with a mix of remote and on-site support; on-site presence required for classified system activities.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
 
 In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.