Security Information Event Management (SIEM) Content Developer/Lead

Hill Associates Corporation is seeking a Security Information Event Management (SIEM) Content Developer/Lead to join our team supporting the Office of the Chief Information Officer (OCIO) in a large Washington, D.C. Cabinet-level Federal agency.  The position will primarily focus on working with a team of SIEM Professionals and Security Operations Center Personnel while interfacing with various stakeholders addressing their SIEM requirements.  It will involve interfacing with system and service owners focusing on use cases around SIEM content for different mission areas and bureaus.

The SIEM Content Developer/Lead role will require solid technical expertise involving SIEM tools such as Splunk Enterprise and requisite knowledge of security context use cases.  Additionally, the SIEM Content Developer/Lead must be able to interoperate between various parties, capturing the use cases and transforming those into Splunk searches, dashboards, alerts, and other artifacts.

Remote-based support in the Washington, D.C. area is currently authorized.

What You Get To Do:

The SIEM Content Developer/Lead will be responsible for gathering requirements, tracking requests, implementation, delivery, and recording acceptance when requests have been satisfactorily completed.  Responsibilities shall include the following:

  • Build scalable pipelines (both within Splunk and, likely, in a ticketing/request system such as ServiceNow used to collect and track requests) that allow bureau use cases to be added to the SIEM detection capabilities.

  • Act as a liaison between the requestors of SIEM content, SOC leadership, and the SOC/security teams responsible for triaging responses to triggered alerts.

  • Serve as the initial lead member of the future content team and provide mentoring and leadership to additional members as the team scales up.

  • Build a SIEM use case request pipeline, including tracking the initial requestor's needs and the status of the request, and capturing requirements for historical context.

  • Manage SIEM content end to end: capture the requirement from the requestor, write the Splunk alert logic, connect the output to the various triage pipelines, and ensure the teams receiving the alerts are informed and aware of how the triage is intended to be performed.

  • Lead the SIEM content team in developing a new multi-tenant, multi-output (alerts to the SOC, reports, or alerts delivered directly to bureau stakeholders) SIEM to replace legacy single-tenant SIEM processes.

What You Bring:

  • Master’s degree and fifteen years of Information Technology experience, including at least five years of cyber security experience with SIEM experience.

  • US Citizen required.

  • Active Secret Clearance required.

  • Verifiable Splunk experience and certifications.

  • Impeccable time management and project tracking skills.

  • Experience working with security use cases and gathering requirements to build and implement Splunk queries that support the needs of multiple parties.

  • Experience managing or supporting additional team members and working in a fast-paced environment.

  • Strong leadership, problem-solving, and critical thinking skills, with the ability to prioritize and execute autonomously.

  • Ability to communicate effectively with all levels of staff, management, and clients both verbally and in writing.

  • Strong understanding of the latest security principles and protocols.

  • Strong understanding of security operations technologies, including SIEM, endpoint tools, and network-based logs.

  • Knowledge of emerging technologies and tactics used within a SOC, and how they are applied to improve efficiency and effectiveness.

  • Understanding of the tactics, techniques, and procedures associated with cyber threats, and the ability to develop relevant alerting, countermeasures, and threat hunting techniques.

What We Can Offer You:

Hill Associates offers a comprehensive total rewards package, including competitive compensation and a flexible benefits package. We are an affirmative action and equal opportunity employer committed to creating a diverse and supportive workplace. Employment decisions will be made without regard to race, color, religion, sex, age, national origin, military status, veteran status, handicap, physical or mental disability, sexual orientation, gender identity, genetic information, or other characteristics protected by law. All information you provide will be kept confidential. Please contact Hill Associates at 202-656-6505 or via email at