Security Infrastructure Support SIEM & Data Pipeline Technical Lead / Subject-Matter Expert (SME)

Position Title : Security Infrastructure Support SIEM & Data Pipeline Technical Lead / Subject-Matter Expert (SME)

Location : Bethesda, MD | Hybrid- Not Remote

Cybervance is a rapidly growing information security and information technology company based in Washington, D.C., and we are an equal opportunity employer. We design, develop, and manage the successful execution of training programs for government and private sector organizations. Cybervance believes in creating innovative solutions to deliver measured results.

We are seeking an experienced SIEM & Data Pipeline Technical Lead / Subject-Matter Expert (SME) to provide enterprise-level leadership and hands-on expertise in the design, development, and optimization of security information and event management (SIEM) systems and data pipeline integrations. The successful candidate will oversee the ingestion, normalization, and enrichment of log data across hybrid cloud and on-premises environments to enhance threat detection, incident response, and compliance reporting.

This role requires a deep technical understanding of SIEM platforms, data architecture, and DevSecOps practices. The ideal candidate will possess strong leadership skills, technical acumen, and the ability to communicate complex data and security concepts effectively to both technical and executive stakeholders.

Responsibilities

• Lead the design, implementation, and administration of enterprise SIEM solutions to support cybersecurity operations, compliance, and threat intelligence objectives.
• Architect and manage data ingestion pipelines, including log routing, filtering, and transformation for on-premises and cloud environments.
• Develop and maintain data normalization, enrichment, and correlation rules to ensure accurate and actionable security event data.
• Implement and manage data collection tools and agents to gather logs from diverse sources, including cloud, infrastructure, endpoint, and application systems.
• Integrate data from hybrid infrastructure environments (on-premises and cloud) using services such as AWS CloudTrail, GuardDuty, Azure Sentinel, and O365 Security & Compliance Center.
• Apply DevOps and CI / CD tools to create reliable, repeatable, and automated data pipeline processes supporting continuous monitoring and detection.
• Develop and maintain automation scripts and utilities in JavaScript and Python for pipeline management, log parsing, and system integration.
• Write and optimize complex queries in Splunk Processing Language (SPL) or SQL for analytics, dashboards, and operational reporting.
• Ensure compliance with federal cybersecurity frameworks such as FISMA, NIST SP 800-53, NIST SP 800-92, OMB M-21-31, and CDM.
• Collaborate with cybersecurity operations, infrastructure, and DevOps teams to ensure comprehensive coverage and efficient performance of data collection and SIEM operations.
• Develop and maintain data dictionaries, documentation, and standard operating procedures (SOPs) for SIEM and data pipeline management.
• Provide technical leadership and mentorship, ensuring consistency in implementation, monitoring, and troubleshooting across teams.
• Communicate complex technical information and security concepts to both technical staff and executive stakeholders in clear, actionable terms.
• Apply data governance principles to ensure data accuracy, completeness, and protection throughout the security pipeline.
• Leverage the MITRE ATT&CK framework to align event data correlation with real-world adversarial behaviors and threat models.
• Collaborate with third-party vendors and cross-functional teams to support integrations, resolve technical challenges, and ensure enterprise interoperability.

Experience

Required Skills & Qualifications

Required Clearances

Preferred Qualifications

#J-18808-Ljbffr