SIEM Engineer
Zachary Piper Solutions is seeking a SIEM Engineer to join a leading client in the cybersecurity and defense industry supporting critical security operations. The SIEM Engineer role is a hybrid position requiring onsite presence in RTP, NC on Tuesdays and Thursdays. This opportunity is best suited for a security professional with strong Splunk expertise, AWS exposure, and experience in SOC or incident response environments who thrives in a fast-paced, mission-driven setting.

Responsibilities of the SIEM Engineer include:
- Engineer and enhance Splunk Enterprise Security detections, dashboards, and correlation searches to strengthen threat visibility
- Build and support automation workflows and playbooks within Splunk SOAR to streamline response efforts
- Integrate and normalize diverse security data sources into Splunk while ensuring data quality and performance optimization
- Partner with SOC and engineering teams to refine detection capabilities and improve operational efficiency across the environment
- Lead and support incident investigations, coordinating response actions and contributing to continuous monitoring coverage

Requirements of the SIEM Engineer include:
- Active Secret Clearance
- 5+ years of experience in SIEM engineering, SOC operations, or incident response
- Advanced proficiency with Splunk, including writing complex SPL queries and building production-grade dashboards (similar to Ashley Brown-level experience)
- Experience integrating AWS services (such as AWS Security Hub) and other security tools into a centralized SIEM platform
- Strong understanding of data onboarding, CIM normalization, and Splunk knowledge objects, with the ability to operate in high-pressure environments
- Ability to work onsite twice weekly in RTP, NC – Tuesday and Thursday

Compensation for the SIEM Engineer includes:
- $115,000 – 125,000 annually
- Full Comprehensive Benefits: Health, Vision, Dental, PTO, Paid Holiday and Sick Leave if Required by Law.

This job opens for applications on 06/05/2026.
Applications for this job will be accepted for at least 30 days from the posting date.

Keywords: SIEM Engineer, Splunk, SOC, Incident Response, AWS, Security Operations, Hybrid