Security Operations Center Engineer

General Dynamics Information Technology (GDIT) is seeking a highly skilled and motivated Security Operations Center (SOC) Engineer to join our dynamic Cybersecurity team. In this role, you will be instrumental in developing and maintaining the tools and capabilities used to monitor, analyze, and respond to security threats. The ideal candidate brings a strong foundation in cybersecurity principles, hands-on experience with SIEM platforms, and the ability to thrive in a fast-paced, collaborative environment. Advance your career and support critical national security missions as a SOC Cybersecurity Engineer at GDIT, where technologists have diverse pathways to grow and make an impact across federal cyber operations.

HOW A SECURITY OPERATIONS CENTER (SOC) ENGINEER WILL MAKE AN IMPACT :

• Engineering & Tuning: Develop, refine, and maintain detection rules in SIEM and EDR platforms to enhance detection quality and minimize false positives.

• Tool Development & Integration: Design and implement custom security tools and integrations using APIs to connect and optimize security platforms.

• Detection Engineering: Build and optimize complex SIEM detections (e.g., Splunk) to identify advanced threats.

• SOAR Automation: Create automation playbooks for tasks such as alert triage, IP blocking, and host isolation.

• Log Pipeline Management: Oversee ingestion, normalization, and parsing of custom data sources to ensure end‑to‑end visibility.

• Incident Monitoring & Response: Monitor and analyze security events from SIEM, IDS/IPS, firewalls, and other security tools; respond to incidents in real time.

• Security Architecture: Partner with the SOC Architect to design scalable, resilient security infrastructure.

• Collaboration & Communication: Work closely with cybersecurity, IT, and engineering teams to ensure cohesive incident response and system integration.

• Security Enhancements: Identify opportunities to strengthen security processes, implement best practices, and contribute to continuous SOC improvement.

WHAT YOU’LL NEED TO SUCCEED:

• Bachelor’s degree in Cybersecurity, Information Technology, or related discipline, or equivalent experience

• Minimum 5 years of experience in a SOC or cybersecurity-focused role

• Hands-on experience with SIEM tools such as Splunk, IBM QRadar, or ArcSight

• Strong understanding of cybersecurity concepts including network security, firewalls, IDS/IPS, and vulnerability management

• Familiarity with incident response practices and NIST security frameworks

• Strong analytical skills, attention to detail, and ability to prioritize effectively

• At least one relevant certification (e.g., CompTIA Security+, CySA+, CISSP, CEH, CISM, CASP, GSEC, GCIH)

• Experience with HBSS/ Trellix

• Excellent written and verbal communication skills

Security Clearance Level: active TS/SCI clearance

US Citizenship required

Work is onsite at customer facility

Desired Skills:

• Security Stack Mastery: Hands-on experience building/configuring SIEM, EDR/XDR, and SOAR platforms.

• Data Normalization: Experience with log parsing (Regex) and data modeling (CIM compliance).

• Familiarity with advanced threat detection, indicators of compromise, attack frameworks and incident response methodologies.

• Experience with threat intelligence, malware analysis, threat hunting.

• Experience with vulnerability management tools and techniques.

• Experience with endpoint security products.

• Experience with cloud security (VMWare Cloud Foundations).

• Experience with Zero Trust architecture and principles.

• Knowledge of scripting languages (e.g., PowerShell, Python, Bash) is a plus.