Job description
cFocus Software seeks a SIEM / Data Engineer to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance.
Qualifications:
Bachelor’s degree in Computer Science, Data Engineering, Cybersecurity, or related field.
5+ years of experience in SIEM engineering, data engineering, or security analytics.
Hands-on experience with SIEM platforms (e.g., Splunk, Elastic, QRadar).
Strong experience building data pipelines using tools such as Python, SQL, or ETL frameworks.
Duties:
Design, develop, and maintain SIEM data pipelines for ingestion, parsing, normalization, and enrichment of security logs.
Implement and optimize log aggregation and data collection from on-premise, cloud (AWS GovCloud), and SaaS environments.
Configure and maintain SIEM platforms (e.g., Splunk) including data onboarding, indexing strategies, and performance tuning.
Develop and maintain correlation rules, dashboards, alerts, and detection use cases to support SOC operations.
Ensure data quality, integrity, and availability across security telemetry sources.
Integrate multiple data sources including network logs, endpoint data, cloud logs, application logs, and threat intelligence feeds.
Support real-time and batch data processing to enable threat detection, incident response, and analytics.
Collaborate with SOC analysts, threat intelligence, and incident response teams to improve detection capabilities.
Automate data ingestion, transformation, and enrichment processes using scripting and data engineering tools.
Perform data mapping and normalization aligned with common schemas (e.g., CIM, ECS).
Optimize SIEM storage, retention, and query performance for large-scale data environments.
Support integration with SOAR platforms for automated response and orchestration.
Conduct troubleshooting and root cause analysis of data pipeline issues and ingestion failures.
Maintain documentation for data architecture, pipelines, and configurations.
Support compliance reporting, audit requirements, and data governance aligned with federal standards.