Senior Principal Cybersecurity Engineer

Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.  

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individuals technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.

Who we’re looking for:

We are seeking a Senior Principal Cybersecurity Engineer to provide advanced technical expertise in troubleshooting, system stability, and SIEM engineering. The ideal candidate will lead Splunk integration and deployment efforts, develop technical documentation, and ensure compliance with DoD cybersecurity policies and processes. The Sr. Principal Cybersecurity Engineer role requires both depth in cybersecurity engineering and hands-on skill with enterprise security platforms. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

• Troubleshoot new and existing data collection issues.
• Troubleshoot system issues that cause instability or impact usability.
• Deploy and manage supported and unsupported Splunk add-ons for specific data sources.
• Prepare documentation including body of evidence artifacts, engineering documents, change management records, system security plans, and accreditation materials.
• Deliver comprehensive Splunk deployment documentation detailing specifications, deployment methods, and architectural considerations.
• Maintain strict role-based access control (RBAC) solutions to ensure appropriate data access.
• Design and deploy Splunk forwarders with centralized configuration management using Splunk Deployment Server.

What you need to know:

• Strong understanding of SIEM platforms with emphasis on Splunk.
• Knowledge of Linux administration and operating system security practices.
• Knowledge of TCP/IP networking and network security concepts.
• Familiarity with Certification & Accreditation processes.
• Knowledge of DoD cybersecurity policy and technical security guidance.

Must have’s:

• Bachelor’s degree or 4+ additional years of experience in lieu of degree.
• Splunk certification plus one or more of the DoD 8570.1 IAT Level II (or higher) certifications, or ability to obtain within six (6) months.
• 10+ years of experience in a cybersecurity role.
• Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
• Experience with Security Information and Event Management (SIEM) platforms and/or Splunk.
• Knowledge of Linux systems administration, general operating system security practices, TCP/IP networking, and network security concepts.
• Knowledge of Certification & Accreditation processes.
• Knowledge of DoD policy and technical security guidance for information systems.
• Must possess an active TS/SCI clearance with Polygraph.

Beneficial to have:

• Experience with Linux distributions including Red Hat and CentOS.
• Experience with AWS or other cloud environments.
• Knowledge of ICS 500-27 for audit collection requirements.
• Knowledge of Enterprise Security Services, Host-Based Security Service, Enterprise Vulnerability Scanning Service, and User Activity Monitoring (UAM).
• Ability to modify feed creation processes to ingest customer logs in standardized formats to meet policy requirements.

Where it’s done:

• Onsite (Denver, CO).