cFocus Softwareorporated logo

CBO - Senior Security Engineer

cFocus Softwareorporated
5 days ago
Full-time
Remote
United States
Cybersecurity & InfoSec
cFocus Software seeks a Senior Security Engineer to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications:
  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 8+ years of Security Engineering experience
  • Strong experience with Microsoft Sentinel (SIEM) operations and engineering
  • Experience with Microsoft Defender for Endpoint (MDE) and Defender for Identity (MDI)
  • Knowledge of AWS logging (CloudTrail, VPC Flow Logs) and cloud security monitoring
  • Experience with log ingestion, normalization, and schema mapping
  • Understanding of incident response, threat detection, and SOC operations
  • Familiarity with NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles
  • Experience with detection engineering and threat hunting methodologies
  • Preferred certifications include but are not limited to
    • GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
    • Microsoft Sentinel or Microsoft security platform certifications
    • Relevant cloud security certifications (e.g., AWS security)
    • Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Duties:
  • Review Microsoft Sentinel log ingestion, pipeline health, and monitoring coverage
  • Validate, develop, and tune detection use cases aligned with MITRE ATT&CK
  • Identify telemetry gaps and ensure proper ingestion and normalization of logs
  • Coordinate remediation activities with CBO IRM staff
  • Support vulnerability prioritization and patch governance validation
  • Validate log routing, transformation, and normalization (e.g., Cribl or similar tools)
  • Provide technical support during security incidents and escalation events
  • Support detection engineering, threat hunting, and SOC automation initiatives
  • Ensure alignment with Microsoft Defender (Endpoint, Identity) and AWS log sources