"Alerted.org

Description

Tyto Athene is searching for a forward-thinking and self-motivated **SIEM Content Engineer** to focus on enhancing a government client’s detection content for their Security Operations Center (SOC). This exciting role requires curiosity, creativity, and critical thinking skills, as well as superior attention to detail, great organizational skills, and the ability to work in a highly collaborative work environment.

Responsibilities:

+ Evaluate existing SIEM content to determine which content should be removed or updated to improve fidelity

+ Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new SIEM content development

+ Support the onboarding of new data sources by developing relevant SIEM content

+ Develop SIEM detection uses cases and review them with relevant stakeholders, such as security engineers, SIEM engineers, SOC analysts, and incident responders

+ Collaborate with security engineers to improve logging from various appliances and correct misconfigurations

+ Coordinate closely with SOC analysts and incident responders to develop playbooks for triaging and responding to events created by the SIEM tool

+ Develop and maintain a SIEM content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments

+ Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity

Qualifications

Required:

+ Bachelor’s degree required

+ Eight (8) years of general work experience (with at least six (6) years of IT/Cyber experience) and two (2) years of experience using Splunk (or a similar SIEM tool) in a cybersecurity context (e.g., as a content developer, administrator, or SOC analyst, etc.…)

+ Direct experience developing SIEM content in collaboration with a Tier 1 security operations center

+ Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms

+ Ability to manage, analyze, and report complex data in an easy-to-understand format for a variety of stakeholders

+ Familiarity with the MITRE ATT&CK Framework

+ Experience with Splunk and development

+ Experience developing Splunk dashboards, reports, and alerts

Desired:

+ Experience with Splunk Enterprise Security is a plus

Clearance:

+ Secret Clearance required

Location:

+ Remote

About Tyto Athene

Compensation:

+ Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $150,000-$160,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

+ Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation that drives measurable success. Our expertise spans four core technology domains—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions tailored to their evolving needs. With over 50 years of experience, Tyto Athene proudly support Defense, Intelligence, Space, National Security, Civilian, Health, and Public Safety clients across the United States and worldwide.

At Tyto Athene, we believe that success starts with our people. We foster a collaborative, innovative, and mission-driven environment where every team member plays a critical role in shaping the future of technology. Are you ready to join #TeamTyto?

Tyto Athene, LLC is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, [sexual orientation, gender identity,] national origin, disability, status as a protected veteran, or any characteristic protected by applicable law.

Submit a Referral (https://careers-gotyto.icims.com/jobs/1644/siem-content-engineer/job?mode=apply&apply=yes&in\_iframe=1&hashed=-1834326889)

**Location** _US-DC-Washington_

**ID** _2026-1644_

**Category** _Information Technology_

**Position Type** _Full-Time_