NR Labs

Centralized Logging & SIEM Deployment Specialist

Job Details

Location: Remote

Min. Salary: $70K (USD)

Posted: September 19, 2024

Job Description

About the Role

The Centralized Logging and SIEM Deployment Specialist will be responsible for researching, designing, and implementing a centralized logging solution and Security Information and Event Management (SIEM) system. This role is critical to ensure compliance with the Office of Management and Budget (OMB) Memorandum M-22-09, which mandates enterprise-wide logging across all endpoints, servers, and applications. The successful candidate will lead the efforts to facilitate rapid incident response and provide remediation recommendations during security incidents through the effective deployment of a centralized logging and SIEM system.

Role Description:

Data Collection and Analysis:

  • Gather and document detailed information on existing systems, including the number and types of workstations and servers, their operating systems, and whether they are on-premises or cloud-hosted.
  • Identify the various application platforms used to ensure comprehensive coverage in the logging and SIEM solution.

Evaluation and Recommendation:

  • Research and evaluate leading industry solutions for centralized logging and SIEM that support applications and infrastructure.
  • Develop detailed recommendations for the best-suited logging/SIEM solution providers based on the agency’s needs, security requirements, and compliance obligations.

Implementation Oversight:

  • Lead the implementation of the chosen centralized logging and SIEM solution across all systems, ensuring seamless integration with existing infrastructure.
  • Coordinate with internal and external stakeholders to ensure the successful deployment of the SIEM, including data ingestion from all endpoints, servers, and applications.
  • Provide expert guidance on optimizing the SIEM for rapid incident response and the generation of actionable security alerts and reports.

Compliance and Reporting:

  • Ensure that the deployed solution meets all relevant compliance requirements, including OMB M-22-09.
  • Develop and maintain documentation related to the deployment, configuration, and ongoing management of the centralized logging and SIEM solution.

Training and Knowledge Transfer:

  • Conduct training sessions for staff on the use and management of the centralized logging and SIEM system.
  • Develop knowledge transfer materials to ensure the long-term success of the system.

Required Qualifications & Education:

  • Bachelor’s degree.
  • Minimum of 8 years of experience in IT security, with a focus on logging, monitoring, and SIEM deployment.
  • Proven experience in implementing centralized logging solutions and SIEM systems in a complex enterprise environment.
  • Strong understanding of logging protocols, SIEM architecture, and cybersecurity principles.
  • Familiarity with various operating systems, cloud platforms, and application environments.
  • Expertise in evaluating and implementing SIEM tools such as Splunk, IBM QRadar, or similar solutions.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent communication skills with the ability to convey complex technical concepts to non-technical stakeholders.
  • Ability to work independently and as part of a team in a fast-paced environment.

Desired Qualifications:

  • A master’s degree is preferred.
  • Relevant certifications such as CISSP, CISM, or SIEM-specific certifications are highly desirable.

Clearance Requirements:

  • Must successfully qualify for a Public Trust Clearance.

About NR Labs

At NR Labs, our passion is to solve the hard problems that keep security leaders up at night in a way that caters to their unique technical, financial, political, and business posture. Our company empowers every organization to achieve its cyber potential. NR Labs focuses on cybersecurity for public and private sector clients and is dedicated to solving their most complex cyber challenges. If you are interested in learning more about NR Labs, please visit our website at nrlabs.com.