This position is a full-time position in the Office of Information Technology at the Supreme Court of the United States, in Washington, D.C. Under the guidance of the Court Information Security Officer, the incumbent will perform the full range of tasks and activities involved in developing, coordinating, implementing and maintaining standards, procedures and technical solutions to protect the confidentiality, integrity and availability of information systems and data.
The Security Information and Event Management (SIEM) Security Engineer will have overall responsibility for the SIEM program at the Court. The role requires working with system administrators, engineers, developers, and incident responders to identify relevant system events and to implement the design, normalization, ingest, and alerting of relevant logs. The SIEM Engineer serves a critical role in support of investigations and escalations of SIEM alerts. The SIEM Engineer also administers the SIEM hardware, software, and endpoint agents across the enterprise. As a Security Engineer within the Court's Information Assurance Group, this role performs additional security engineering duties as assigned.
The incumbent will be responsible for the following duties:
- Manage and evolve the SIEM program over time according to Court priorities
- Evaluate current and emerging SIEM technologies and risks
- Install, configure, and maintain SIEM software and hardware
- Architect, administer, configure, and optimize the SIEM platform to collect and correlate security event data
- Implement the NIST 800-53 Audit and Accountability (AU) control family according to the Information Security Policy and the needs of Court offices
- Define and update SIEM alerts, reports, and dashboards
- Work with the Incident Response Team to develop playbooks for responding to SIEM alerts
- Support the design and implementation of manual and automated response to security events (SOAR)
- Train personnel in SIEM program operation
- Coordinate and conduct SIEM training exercises with relevant stakeholders
- Work with the Incident Response Team to create detection rules for emerging threats
- Participate in On-Call rotation (approximately one week every two months)
- Incorporate threat intelligence feeds and indicators of compromise into SIEM alerting and dashboards
- Coordinate with department stakeholders when new technologies are implemented to ensure appropriate data ingest