Senior Cyber Security Engineer role at MANTECH, supporting mission-critical cybersecurity operations in Chantilly, VA (onsite). You’ll design, deploy, and maintain secure data collection/monitoring solutions, heavily focused on Splunk engineering, ingestion reliability, and access control. Standout requirement/perk: active TS/SCI with Polygraph required.
- Mission-critical cybersecurity operations
- Hands-on Splunk engineering ownership
- TS/SCI Poly cleared program
MANTECH seeks a motivated, career and customer-oriented Senior Cyber Security Engineer to join our team in Chantilly, VA.
In this role, you will support mission-critical cybersecurity operations by designing, deploying, and maintaining secure, resilient data collection and monitoring solutions that enable informed decision-making across the enterprise.
Responsibilities include but are not limited to:
- Troubleshoot new and existing data collection issues to ensure accurate and reliable ingestion of security-relevant data.
- Diagnose and resolve system issues that impact stability, performance, or usability.
- Deploy, manage, and maintain supported and unsupported Splunk Add-ons required for specific data sources.
- Develop and maintain documentation, including Body of Evidence (BOE) artifacts, engineering documentation, change management records, system security plans, and accreditation materials, as required.
- Deliver a comprehensive Splunk deployment document detailing specifications, deployment methods, and architectural considerations for production environments.
- Implement and maintain strict role-based access control to ensure data is accessible on a validated need-to-know basis.
- Design and deploy Splunk forwarders using centralized configuration management through the Splunk Deployment Server to support rapid and consistent deployments.
Minimum Qualifications:
- Bachelor’s degree, or 4+ additional years of cyber experience in lieu of a degree.
- 5+ years of experience in a cybersecurity role.
- Experience with Security Information and Event Management (SIEM) platforms and/or Splunk.
- Knowledge of Linux systems administration, general operating system security practices, TCP/IP networking, and network security concepts.
- Knowledge of Certification and Accreditation (C&A) processes.
- Knowledge of DoD policy and technical security guidance for information systems.
- DoD Directive 8570.1 IAT Level II or higher certification, or the ability to obtain within six (6) months.
- Splunk certification is required.
Preferred Qualifications:
- Experience with Linux distributions, including Red Hat and CentOS.
- Experience with AWS or other cloud environments.
- Knowledge of ICS 500-27 audit collection requirements.
- Familiarity with Enterprise Security Services, Host Based Security Services, Enterprise Vulnerability Scanning Services, and User Activity Monitoring (UAM).
- Ability to modify feed creation to ingest customer logs in standardized formats to meet policy and compliance requirements.
Clearance Requirements:
- An active TS/SCI with Polygraph is required.
Physical Requirements:
- Must be able to remain in a stationary position 50% of the time.
- Occasionally moves about inside the office to access file cabinets, office machinery, or to communicate with co-workers, management, and customers via email, phone, or virtual communication, which may involve delivering presentations.