Senior Security Engineer (Hybrid – Onsite vSOC Support)
Position Overview
We are seeking a highly skilled Senior Security Engineer to support a federal client's Virtual Security Operations Center (vSOC). This role serves as the primary onsite technical lead, responsible for ensuring effective security monitoring, detection engineering, and coordination with internal stakeholders.
The selected candidate will work in a hybrid capacity, providing onsite support 2–3 days per week, with additional presence required during security incidents or elevated operational demand.

Key Responsibilities
- Review and validate Microsoft Sentinel log ingestion, data pipelines, and monitoring coverage
- Develop, validate, and tune detection use cases aligned with threat intelligence and best practices
- Identify telemetry gaps, ingestion failures, and monitoring blind spots
- Coordinate with internal teams to support incident response and remediation activities
- Support vulnerability prioritization and validate patch governance processes
- Validate and optimize log routing, normalization, and ingestion pipelines (e.g., Cribl or similar tools)
- Provide onsite technical support during active security incidents
- Ensure alignment with Zero Trust principles and enterprise security architecture

Required Qualifications
- 7+ years of experience in cybersecurity, SOC operations, or security engineering
- Hands-on experience with:
  - Microsoft Sentinel (SIEM)
  - Microsoft Defender for Endpoint (Windows & macOS)
  - Microsoft Defender for Identity
  - AWS log ingestion and cloud telemetry
- Strong understanding of:
  - SIEM architecture and log management
  - Threat detection and incident response workflows
  - Log normalization and data correlation
- Experience identifying and resolving log ingestion and telemetry issues
- Ability to work onsite and collaborate directly with stakeholders

Preferred Qualifications
- Experience supporting federal or regulated environments (CUI, PII, FTI, PHI)
- Familiarity with NIST frameworks (800-53, 800-61, 800-171)
- Experience with tools such as Cribl or similar log pipeline technologies
- Relevant certifications (preferred):
  - Microsoft Security Certifications (e.g., SC-200, SC-300)
  - CISSP, CEH, GCIA, or equivalent

Education
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent work experience

Clearance / Eligibility
- No active clearance required
- Must be eligible to obtain and maintain a federal background investigation and onsite access approval

Work Model
- Hybrid role: 2–3 days onsite per week in Washington, DC
- Additional onsite presence required during security incidents or high-priority events
- Works in coordination with a 24x7 remote SOC team