Job Information
SOS International LLC Enterprise Logging Solution (ELS) Lead in Ashburn, Virginia
Ashburn, VA, USA
Full-time
Clearance Requirement: Secret w/ T5
Company Description
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.
Job Description
This position is contingent upon contract award
SOSi is seeking a highly qualified Enterprise Logging Solution (ELS) Lead to support a DHS enterprise cybersecurity program providing 24/7 Security Operations Center (SOC) services. The ELS Lead provides advanced technical leadership for enterprise-scale logging, monitoring, SIEM engineering, and telemetry integration efforts. This role ensures the reliability, performance, and modernization of CBP’s enterprise logging ecosystem across on-premises, cloud, and hybrid environments.
Responsibilities
Lead architecture, engineering, configuration, and optimization of enterprise logging platforms supporting DHS SOC operations.
Serve as the senior technical authority for SIEM engineering, log ingestion pipelines, parsing, data normalization, enrichment, and storage strategies.
Oversee onboarding of new data sources, including application, endpoint, network, cloud, and authentication telemetry.
Maintain and enhance log health monitoring, pipeline resiliency, and log integrity validation.
Coordinate with SOC analysts, Threat Hunt, IR, CTI, and engineering teams to ensure logging coverage aligns with detection, investigation, and compliance requirements.
Develop, maintain, and troubleshoot log ingestion processes, forwarders, collectors, and APIs.
Support dashboard, correlation rule, and alerting development by ensuring high-quality data availability.
Ensure compliance with CBP logging standards, federal logging mandates, and Zero Trust visibility requirements.
Lead modernization initiatives involving automation, cloud logging integrations, and data optimization.
Provide detailed technical reporting, architectural documentation, and data dictionaries.
Support vulnerability assessments, compliance audits, and cross-team engineering reviews.
Mentor junior engineers and support knowledge transfer across the SOC.
Qualifications
Experience
Five (5) years of experience serving as a senior Certified Splunk Administrator or Architect.
Understanding and practical experience in applying project management principles.
Experience with interconnected, heterogeneous systems; strong understanding of industry standards and technologies with experience in the application supporting a Federal Government security operations organization.
Experience in an enterprise IT environment as an applications or systems administrator working in Windows and Linux environments.
Experience with Linux and or Windows scripting languages and automation
Strong networking background
Strong security background
Experience with cloud orchestration tools and a strong understanding of Amazon Web Services cloud.
Certifications
One of the following (listed in preference)
Certified Splunk Architect II
CISSP
Clearance
- Secret (TS eligible).
Working Conditions
Normal office conditions with potential to perform duties in various CONUS locations
Core hours of operation are Monday through Friday, 0600 – 1700.
May be requested to work evenings and weekends to meet program and contract needs.
Additional Information
Work Environment
Work hybrid/on-site as required.
Normal office conditions with potential to perform duties in CONUS locations.
Core hours of operation are Monday through Friday, 0600 – 1700.
May be requested to work evenings and weekends to meet program and contract needs.
Working at SOSi
All interested individuals will receive consideration and will not be discriminated against for any reason.
SOSi is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.