SIEM Content Developer

Locations: Columbus, OH | Fort Belvoir, VA | Battle Creek, MI

Position Summary

Northern Technologies Group, Inc. (NTG), an SBA-certified 8(a) small business, is committed to delivering high-quality IT and cybersecurity solutions to federal customers. We are actively pursuing new opportunities to support a Department of Defense customers cybersecurity mission. This position is part of a proposal effort and is contingent upon contract award. All offers and compensation will be determined based on contract terms and candidate qualifications.

NTG is seeking an experienced SIEM Content Developer to join our cyber defense team supporting a Department of Defense customer. You will work within a 24/7 security operations center, conducting live threat detection, analysis, and coordinated response across complex environments.

Essential Duties and Responsibilities

• Design and implement SIEM rules and correlation logic aligned with MITRE ATT&CK and threat intelligence.
• Develop and fine-tune detections and alerts to minimize false positives while maximizing visibility.
• Create and maintain dashboards, visualizations, and reports that support SOC operations.
• Integrate diverse log sources and validate data normalization across the enterprise.
• Leverage scripting languages such as PowerShell to enhance automation and detection capabilities.
• Collaborate with incident response analysts and threat hunters to support investigations and threat analysis.
• Document detection logic, configuration changes, and tuning actions in a structured and repeatable format.

Minimum Qualifications (Knowledge, Skills, and Abilities)

• Active and current Top Secret federal security clearance
• 5+ years of experience in IT with at least 3 years of hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, Trellix)
• Minimum of 3 years in systems or network administration roles
• DoD 8570/8140 IAT Level II (e.g., CompTIA Security+ CE, CySA+, GSEC, SSCP)
• CSSP-IR (Incident Responder) (e.g., CEH, CFR, GCFA, GCIH, SCYBER, or CYSA+)
• CND-CE certification within 6 months of hire
• Strong knowledge of SPL (Search Processing Language), PowerShell, and log correlation techniques
• Experience with the MITRE ATT&CK framework and security event analysis

Preferred Qualifications (Knowledge, Skills, and Abilities)

• Prior experience supporting DLA, DISA, or other defense agencies
• Background in security automation, threat intelligence integration, or SOAR tools
• Experience with Trellix (McAfee), Microsoft Sentinel, or Splunk ES in federal environments

Important Note

This position is part of a proposal effort and is contingent upon contract award. All offers and compensation will be determined based on contract terms and candidate qualifications.

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform these functions.

While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

Northern Technologies Group is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law.

Travel

Up to 10%

Shift

Hours and shift determined by location.

Note

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. This document does not create an employment contract, implied or otherwise, other than an at will relationship.