Delaware Nation Investments Emerging Technologies is seeking a highly qualified Cloud Security SME for one of our USSOCOM programs. This person will support USSOCOM enterprise Information Technology detection, response, and countermeasure actions across the enterprise by implementing a cloud Secure Information and Event Manager (SIEM) solution to ingest security telemetry data from endpoints and other third-party data connections to conduct analysis, recognize trends, and threats or misconfigurations within the enterprise.
Responsibilities:
The technical solution for Microsoft Sentinel Optimization Services.
A proposed process and policy development to support the implementation and training of the Microsoft Sentinel Optimization Services
Development of user training on Microsoft Sentinel Optimization Services and provides hands-on training to Government personnel.
Transition the maintenance and data of Microsoft Sentinel Optimization Services.
Management of the Microsoft Sentinel SIEM which may include:
Tuning and optimization of Azure Sentinel Baseline and Analytical Detection Rules.
Enabling and configuring Microsoft Sentinel data connectors for native tools.
Performance and cost metrics monthly reports which include:
Log source volume and data types ingested.
Recommended modifications to existing data sources to optimize data ingestion costs and security relevance/importance of log data being ingested.
Overall cost attributed to Microsoft Sentinel ingest.
Quarterly cyber readiness reviews to review overall protection, detection, response capabilities, and program hygiene.
Provide a deep-dive session to review any findings from the initial Sentinel analysis and introduce additional value propositions.
Architectural documentation displaying all connector inputs to Microsoft Sentinel.
Assessment of existing endpoint protection technologies and their integration into Microsoft Sentinel.
Repository of Microsoft Sentinel ingest requests
Establish a Lighthouse connection between DISA and the customer
Provide in-person training to the Government on the SIEM solution
Deliver Full Operational Capability (FOC) NLT 28 April 2025
Formal Administrator acceptance brief, knowledge transfer, and transition plan
Qualifications:
Active TS/SCI Security Clearance
CompTIA SEC+ and other required IAW DOD 8570
Expertise in Microsoft Cloud technologies, Microsoft Azure, Microsoft Sentinel, and Microsoft Defender for Endpoint
Well-versed in AQL query
Focus on how information moves across the system from one application to another.
Expertise in requirements engineering, data architecture, testing, and solution deployments including understanding how systems interact with technical architectures.
Able to make data to easily publish and share data with other applications and data architects design database systems.
Create and organize large bits of information
Produce methodologies within the data framework to maintain the consistency and accuracy of the data
Produce/design data models that represent the structure of data within the data framework