Saliense
Remote Jobs
5 Jobs
Role Description
The SIEM Engineer is responsible for the design, deployment, maintenance, optimization, and continuous improvement of the organization's Security Information and Event Management platform.
- Ensures security telemetry is collected, normalized, enriched, retained, and analyzed effectively.
- Develops correlation rules, dashboards, reports, use cases, and alerting logic that enable the SOC to detect threats accurately and efficiently.
- Works closely with SOC analysts, threat hunters, incident responders, cloud engineers, and infrastructure teams to ensure comprehensive visibility across the enterprise environment.
- Responsible for maintaining platform performance, onboarding new log sources, improving detection coverage, and supporting compliance reporting requirements.
Qualifications
- Deep knowledge of SIEM architecture, log management, security monitoring, event correlation, detection engineering, and enterprise security operations.
- Experience working with large-scale SIEM platforms, cloud security logs, endpoint telemetry, network security logs, identity systems, and threat intelligence integration.
- Strong analytical and technical skills, including experience with query languages, data parsing, data normalization, use case development, and performance optimization.
Role Description
The SOAR and AI Engineer is responsible for designing, implementing, maintaining, and optimizing security automation and orchestration capabilities across the Security Operations Center. The position also uses AI to accelerate the cybersecurity response process and manages security breaches or system failures that specifically target AI models and environments.
- Develops automated workflows that reduce manual effort, improve response speed, and increase operational consistency.
- Integrates security tools, develops automated response actions, builds investigation playbooks, and continuously improves operational efficiency.
- Works closely with SOC analysts, incident responders, threat hunters, and security engineers to identify repetitive tasks that can be automated.
- Transforms manual workflows into scalable automated processes that enable the SOC to operate at greater speed and effectiveness.
- Plays a critical role in modernizing security operations and reducing analyst workload while improving response quality.
Qualifications
- Strong knowledge of security operations, incident response processes, API integrations, artificial intelligence, workflow automation, scripting, and orchestration platforms.
- Experience integrating SIEM platforms, EDR solutions, threat intelligence feeds, ticketing systems, cloud security services, vulnerability management tools, and communication platforms.
- Strong scripting and automation skills, including experience with Python, PowerShell, REST APIs, JSON, and workflow design.
- Deep understanding of SOC processes in order to automate them effectively.
- Required certifications include Security+, CASP+, CISSP, vendor-specific SOAR certifications, or equivalent experience.
Role Description
The Incident Commander serves as the senior operational leader during cybersecurity incidents and is responsible for directing, coordinating, and managing all response activities throughout the incident lifecycle. This position acts as the central decision-maker during major cyber events, ensuring that technical teams, business stakeholders, executive leadership, and external partners operate in a coordinated and effective manner.
The Incident Commander leads incident response efforts involving:
- Ransomware
- Data breaches
- Cloud compromises
- Insider threats
- Business email compromise
- Advanced persistent threats
- Other high-impact security incidents
The role is responsible for:
- Establishing response priorities
- Coordinating technical investigations
- Managing escalation activities
- Directing containment and recovery actions
- Ensuring timely communication with executive leadership and stakeholders
The Incident Commander serves as the bridge between technical teams and organizational leadership by translating complex technical findings into actionable business information. The position oversees:
- Incident status reporting
- Executive briefings
- Operational decision-making
- Forensic coordination
- Threat intelligence integration
- Post-incident reviews
The Incident Commander is ultimately accountable for ensuring incidents are managed efficiently, risks are minimized, and business operations are restored as quickly and safely as possible.
Qualifications
- Extensive experience leading cybersecurity incident response operations within enterprise, government, defense, critical infrastructure, or managed security service environments
- Strong expertise in incident response, crisis management, cyber defense operations, threat intelligence, digital forensics coordination, and executive communications
- Experience managing complex security incidents involving multiple teams, technologies, stakeholders, and business units
- Strong knowledge of incident handling methodologies, cyber attack lifecycles, ransomware response, breach management, cloud security incidents, and enterprise security operations
- Exceptional leadership, communication, and organizational skills
- Ability to deliver executive briefings, manage stakeholder expectations, facilitate crisis communications, and translate technical information into business-focused recommendations
- Experience coordinating forensic investigations, threat intelligence activities, legal considerations, regulatory reporting, and recovery operations is highly desirable
Requirements
- Preferred certifications include CISSP, GCIH, GCFA, CISM, CASP+, PMP, ITIL, or equivalent industry-recognized certifications
- Equivalent experience leading major cybersecurity incidents, crisis response operations, or cyber defense missions may be considered in lieu of specific certifications
Core Skills
- Incident Response Leadership
- Crisis Management
- Executive Briefings and Communications
- Threat Intelligence Integration
- Digital Forensics Coordination
- Major Incident Management
- Cybersecurity Operations
- Risk Assessment and Decision Making
- Stakeholder Management
- Recovery and Business Continuity Coordination
- Regulatory and Reporting Awareness
- Cross-Functional Team Leadership
Role Description
The Digital Forensics Analyst is responsible for collecting, preserving, analyzing, and documenting digital evidence associated with cybersecurity incidents, investigations, legal proceedings, and insider threat cases.
- Conducts forensic examinations of computers, servers, mobile devices, cloud environments, virtual systems, and storage media to determine what occurred during a security incident.
- Reconstructs timelines, identifies attacker activity, recovers deleted artifacts, and supports root cause investigations.
- Maintains evidence integrity, follows chain-of-custody procedures, and produces detailed investigative reports suitable for executive, legal, regulatory, and law enforcement review.
- Frequently supports ransomware investigations, insider threat investigations, fraud investigations, intellectual property theft cases, and major breach investigations.
Qualifications
- Advanced knowledge of digital forensics principles, evidence preservation techniques, forensic acquisition methods, operating systems, file systems, memory analysis, and artifact analysis.
- Experience using industry-standard forensic tools and conducting investigations across Windows, Linux, macOS, cloud platforms, and mobile devices.
- Strong documentation skills, given the legal and evidentiary nature of forensic work.
- Patience, precision, objectivity, and the ability to produce defensible findings based on evidence rather than assumptions.
- Required certifications include GCFA, GCFE, EnCE, CHFI, CFCE, or equivalent forensic certifications.
Role Description
The GRC Engineer supports the implementation, operation, and modernization of the organization's Governance, Risk, and Compliance (GRC) platform. This role works closely with the GRC Lead Engineer and Innovation Team, as well as development and security teams, to maintain a secure, compliant, and well-documented GRC environment aligned with federal security mandates and government policies. The GRC Engineer contributes to system configuration, integrations, and reporting related to RMF activities, and supports system migrations and continuous monitoring through automation, documentation, and evidence collection.
- Install, configure, operate, and maintain GRC systems across production and non-production environments in accordance with approved configuration baselines and change control procedures.
- Support releases, upgrades, and patches by executing regression testing, validating configurations, and assisting with rollback strategies.
- Develop and maintain integrations between the GRC platform and enterprise tools such as asset management systems, SIEM solutions, and cloud platforms (AWS, Azure, and Google Cloud).
- Implement and maintain APIs or other automated interfaces to synchronize data between GRC systems and related enterprise security tools.
- Create and administer GRC user and service accounts, supporting RBAC implementation and least-privilege access, and integrating with approved identity and SSO services.
- Assist in defining and enforcing data quality, synchronization, and validation rules; maintain logging and auditable evidence to support compliance, records management, and internal audits.
- Create, maintain, and update standardized documentation templates (e.g., SSPPs, POA&Ms, Risk Acceptance Requests, FISMA questionnaires) and support associated approval workflows.
- Contribute to a centralized knowledge repository by developing and maintaining runbooks, SOPs, workflow documentation, and integration guides.
Qualifications
- Minimum of three (3) years of experience in the listed tasks.
- Bachelor's degree.
- Experience administering and supporting GRC solutions in a federal or highly regulated environment.
- Hands-on experience supporting system migrations or enhancements within GRC platforms, including assisting with control mappings and data transformation.
- Experience developing or supporting automated data integrations using APIs or similar mechanisms.
- Familiarity with cloud-native security and compliance tooling across AWS, Azure, and GCP environments.
- Experience developing reports and dashboards that translate technical risk and compliance data into actionable insights for stakeholders.
- Experience supporting cybersecurity compliance activities and RMF authorization processes for federal information systems.
- Working knowledge of NIST RMF, NIST SP 800-53 Rev. 5, and FISMA requirements.
- Experience supporting audits by maintaining accurate configurations, documentation, and evidence.
- Experience working with GRC platforms such as CSAM and/or RegScale (administration or operational support).
- Strong collaboration skills and a customer-focused mindset.
- Background in systems engineering, security engineering, or related technical disciplines preferred.