Information Security Engineer: III

May 14, 2026

Job Description

Company: Saxon Global

Location: Washington, US

Cybersecurity Analyst

The role will be responsible for supporting the Cyber Detect foundational capabilities that include Centralized Logging and Monitoring using CrowdStrike Falcon Next-Gen SIEM, ONUM and supporting the migration from Splunk Cloud, CRIBL, Syslog-NG and related products to CrowdStrike Falcon Next-Gen SIEM.

Duties and Responsibilities:
• Support US SIEM operation and the migration of log sources to CrowdStrike Falcon Next-Gen SIEM, ensuring proper coverage by validating that log data is complete against multiple criteria (volume, type of events and enriched fields).
• Support and enable data bifurcation from existing SIEM environment to the new CrowdStrike Falcon Next-Gen SIEM to allow migration.
• Coordinate implementation of requirements to allow data bifurcation to CrowdStrike Falcon Next-Gen SIEM.
• Coordinate validation of Internet/GSNet bandwidth requirements and Proxy capacity to support log data bifurcation from the Ingestion layer to CrowdStrike Falcon Next-Gen SIEM.
• Monitor for potential log outages and maintain log sources reporting to the SIEM.
• Validate that required log data for US-unique requirements is migrated properly, including FRB apps (SOX/GLBA), DB logs, Badge logs, PingFed, IBM API Connect, etc.
• Perform log source data analysis to confirm parsing rules are working as expected: validate required fields and ensure applicable CIM (Common Information Model) compliance.
• Implement requirements on source hosts to configure necessary components to forward logs to CrowdStrike Falcon Next-Gen SIEM as required by Global standard. This includes Logical Servers and any other sources that require new clients or agents such as CrowdStrike/ONUM/etc.
• Request, coordinate and implement FW rules, network routing and DNS resolution to support Migration to CrowdStrike Falcon Next-Gen SIEM.
• Validate that US profiles and permissions are migrated as expected to CrowdStrike Falcon Next-Gen SIEM.
• Document, maintain and improve SIEM Log Source onboarding process for relevant sources including Cloud and SaaS applications.
• Review and provide system configuration and log onboarding requirements to system owners. Update documentation as required.
• Collaborate with other Cyber Security Operations teams to document and implement logging and monitoring capabilities to meet established requirements including Virginia Log Ingestion Layer for scalability with Load Balancer and Proxy support.
• Maintain and update dashboards, reports, log source coverage metrics, and other relevant criteria.
• Participate in the development of monitoring Use Cases as required to enhance the logging and monitoring function.
• Research, analyze and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices.

Business Need:

Net new position

Must-Have Requirements:
• 5 years' demonstrable experience in log source onboarding into Splunk Enterprise Security and centralized cybersecurity logging and monitoring
• Experience with CrowdStrike Falcon Next-Gen SIEM, ONUM, CRIBL, SPL (Splunk Scripting Language) and Python; 2+ years of experience with Red Hat Linux and Windows
• Experience with information security sharing platforms, such as membership in trust groups for intelligence sharing (FS-ISAC)
• Bachelor’s degree in Cybersecurity, Computer Science or related field, or the equivalent combination of education, professional training, or work experience
• Bilingual in Spanish/English

Core Competencies:
• Knowledge and experience with CrowdStrike Falcon Next-Gen SIEM, ONUM and Splunk ES SIEM in Security Incident and Event Management processes, log source onboarding, and logging and monitoring requirements.
• Knowledge and experience in a SIEM environment with common IT and Security Tools: CrowdStrike Falcon, ONUM, CRIBL, Firewalls, Proxy, DNS, VPN, Active Directory, Windows, Linux, etc.
• Familiar with Jira, ServiceNow CMDB and Confluence.
• Experience or familiarity with implementing and configuring log sources to report to SIEM and Centralized Logging and Monitoring Solutions including Splunk, CRIBL and Syslog-NG or equivalent products.
• Familiarity with the National Institute of Standards and Technology (NIST) Cyber Security Framework and Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT).
• Excellent organizational and analytical skills.
• Experience working on global/multicultural teams across different time zones.
• Ability to present critical security deficiencies and solutions to multiple audiences.
• Excellent communication and organizational skills.
• Outstanding work ethic with a passion for information security.
• Splunk User and Power User. SANS or related certification in the areas of cybersecurity, network, antimalware and forensic analysis (GREM, GCIA, GCFA, GCIH).

Interview Process:

Source: Lensa