Posted: January 12, 2026 (3 days ago)

Reactivated: January 13, 2026

SIEM Administrator

State of South Carolina

State Law Enforcement Division (SLED)

Location

South Carolina, 29210

Salary

$80,000 - $100,000

per year

Type

Closes

February 11, 2026

Job Description

Summary

This job involves managing a security information and event management (SIEM) system for a state law enforcement agency, ensuring it collects and analyzes logs effectively to detect cyber threats and support security teams.

The role also includes creating automated processes to make operations more efficient and advising other state agencies on improving their cybersecurity.

It's a good fit for someone with strong technical skills in cybersecurity who enjoys working in a team-focused environment dedicated to public safety.

Key Requirements

  • Bachelor's degree in a related field or at least four years of relevant work experience
  • Expertise in designing, implementing, and maintaining SIEM solutions according to industry best practices
  • Proficiency in log ingestion, parsing, normalization, forwarding, and enrichment
  • Experience with monitoring log retention, storage capacity, indexing performance, and system health
  • Skills in creating and maintaining automation workflows, including SOAR integration
  • Ability to tune detection rules, reduce false positives, and support threat hunting with custom searches
  • Knowledge of providing subject matter expertise and support to critical infrastructure agencies

Full Job Description

About SLED
The South Carolina Law Enforcement Division (SLED) is a premier statewide law enforcement agency dedicated to serving and protecting the citizens of South Carolina.

With a proud history rooted in integrity, professionalism, and public service, SLED is committed to providing high-quality investigative, intelligence, and forensic services to support law enforcement agencies across the state.

At SLED, we value dedication, ethical conduct, accountability, and a strong commitment to justice.

Our agency plays a vital role in maintaining public safety and supporting criminal justice efforts at the local, state, and federal levels.

From advanced forensic science to homeland security, criminal investigations, and criminal justice information systems, SLED's diverse responsibilities make it one of the most dynamic law enforcement agencies in the state.

We foster a professional work environment where teamwork, respect, and continuous improvement are fundamental. Our employees are held to the highest standards and are given opportunities to grow within a mission-driven organization that makes a meaningful difference in South Carolina communities.

Learn more about why you should join our team at www.sled.sc.gov.



General Responsibility
The SIEM Administrator is responsible for designing and implementing best practices within the organization's SIEM and for maintaining log ingestion and parsing, so that the SIEM collects all relevant log sources and presents the information in a useful manner to analysts. This role is responsible for creating and maintaining automation workflows within the SIEM to increase the efficiency of the organization's SOC. The SIEM Administrator will also serve as a subject matter expert, assisting the South Carolina Critical Infrastructure Cybersecurity members with implementing best practices, providing recommendations on log sources to ingest, and providing assistance as needed.

Specific Duties
  • Manage the organization's SIEM solution according to industry best practices to ensure the organization is postured to identify and counter emerging cyber threats.
  • Conduct log ingestion monitoring to ensure constant log ingestion of critical log sources. Normalize and parse new log sources for ingestion, and ensure proper log forwarding, parsing, and enrichment of logs.
  • Monitor log retention to meet regulatory requirements and ensure the SOC has access to enough logs and data to respond to incidents. Supervise the storage capacity, indexing performance, and search head/cluster health to ensure availability.
  • Create and maintain automation workflows within the SIEM utilizing SOAR integration to increase efficiency and provide the SOC with additional capabilities and enrichment of alert data.
  • Assist the detection engineer and SOC in tuning rules to reduce false positives while maintaining detection efficacy and provide support in threat hunting initiatives with custom searches and analytics.
  • Provide SC CIC agencies with subject matter expertise in SIEM management and additional support to increase their security posture and prepare them to handle security incidents.

Requirements

  • Bachelor's degree in a related field or at least four (4) years of relevant work experience in the areas of information technology, information security, and risk management.
  • Must have good written and verbal communication skills.
  • Must have the ability to lead a mid-level position in Information Security.
  • Must have a strong foundational knowledge in cybersecurity concepts and operations.
  • Must have a comprehensive understanding of Windows and third-party application log sources, log ingestion, and log parsing.
  • This position is in-person based in Columbia, South Carolina.
  • Position is expected to be available on-call 24/7.
  • Statewide travel, including some overnight travel, will be required.

Additional Information

South Carolina Law Enforcement Division (SLED) is committed to providing equal employment opportunities to all applicants and does not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), national origin, age (40 or older), disability or genetic information.


SLED offers an exceptional benefits package for FTE positions that includes:

  • Health, Dental, Vision, Long Term Disability, and Life Insurance for Employee, Spouse, and Children
  • 15 days annual (vacation) leave per year
  • 15 days sick leave per year
  • 13 paid holidays
  • Paid Parental Leave
  • State Retirement Plan and Deferred Compensation Programs


Supplemental questions are considered part of the official application. Any misrepresentation of yourself may be grounds for disqualification.

Conditional selection based on candidate education, training, experience, oral interviews and clearance of background investigation.

Posted on NEOGOV: 1/12/2026 | Added to FreshGovJobs: 12/5/2025

Source: NEOGOV | ID: neogov-sc-5156273