Platform / SIEM Engineer (Mid-Level)

Dark Wolf Solutions is seeking a Mid-Level Platform / SIEM Engineer to support the Unified Platform Cyber Operations & Security Center (COSC) in San Antonio, TX. The Platform / SIEM Engineer will contribute to the development, maintenance, and optimization of telemetry pipelines, SIEM platforms, and operational observability systems that protect COSC mission environments across multiple security classifications. The successful candidate will apply engineering skills to enhance real-time visibility, improve detection capabilities, and strengthen platform reliability.

Key Responsibilities

• Deploy and maintain telemetry collection agents and pipelines for cloud, application, and platform observability.
• Configure and optimize SIEM platform operations (Elastic Stack, LogRhythm, or Splunk) to ensure effective log ingestion, parsing, and correlation.
• Develop and tune detection rules, dashboards, and alerts based on operational requirements and threat intelligence.
• Support integration of logging from Kubernetes clusters, containerized workloads, cloud-native services, and SaaS tools.
• Perform continuous health monitoring and performance optimization of telemetry and SIEM infrastructure.
• Assist in mapping telemetry to compliance frameworks such as NIST 800-53 controls and RMF standards.
• Collaborate with Site Reliability Engineers, Security Analysts, and Cloud Engineers to ensure end-to-end platform visibility.
• Assist with incident investigations by extracting and analyzing telemetry and SIEM event data.
• Contribute to the development of operational procedures, runbooks, and technical documentation for observability and SIEM management.
• Support periodic platform upgrades, tuning activities, and detection content updates.

Basic Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related technical field, or equivalent industry experience.
• Minimum of 3–5 years of experience in SIEM administration, cybersecurity operations, or platform monitoring.
• Hands-on experience operating SIEM tools (Elastic Stack, LogRhythm, Splunk) and observability platforms.
• Experience developing parsing rules, enrichment pipelines, or correlation logic for event telemetry.
• Familiarity with cloud environments (AWS, Azure) and container orchestration (Kubernetes, Docker).
• Basic scripting ability in languages such as Python, Bash, or PowerShell for automation tasks.
• Understanding of cybersecurity detection frameworks such as MITRE ATT&CK.
• US Citizenship required with an active Secret clearance and eligibility for Top Secret/SCI.

Desired Qualifications

• Certifications such as Elastic Certified Analyst, Splunk Core Certified User, or similar credentials.
• Experience with SIEM content tuning, threat hunting, or detection engineering.
• Familiarity with Infrastructure as Code (IaC) concepts and tools such as Terraform or CloudFormation.
• Exposure to SOAR platforms or security automation integrations.
• Experience supporting mission-critical operations within Department of Defense or Intelligence Community environments.

The estimated salary range is $145,000.00 - $180,000.00, commensurate on experience, technical expertise, certifications, and clearance level.

Primary work location is San Antonio, TX. Hybrid model with a mix of remote and on-site support; on-site presence required for classified system activities.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
 
 In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.