SYSMON Engineer, Senior

Key Role:

Design, deploy, configure, optimize, and validate deployments of Microsoft's System Monitor (SYSMON) for clients. Work with in-house teams to understand the customer’s needs and goals, and use the SYSMON data collected in the customer’s own environment to build an in-depth understanding of host-level activity across the Enterprise. Take a critical approach to solution design: identify gaps, provide alternatives, and customize solutions to balance security and business needs. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications:

  • 2+ years of experience working with SYSMON as a host telemetry source in place of a commercial Enterprise Endpoint Detection and Response (EDR) solution

  • 2+ years of experience with performing systems administration, including basic troubleshooting and installation, monitoring system performance or availability, performing security upgrades, and optimizing solution configurations to meet the needs of operational users

  • 2+ years of experience working within a Security Operations Center (SOC) environment, using SYSMON or EDR telemetry to support incident response, threat hunting, and log management, alongside vulnerability scanning, network monitoring, and compliance management activities

  • Experience with deployment of SYSMON or EDR solution in a customer environment

  • Experience with development and maintenance of an Enterprise's SYSMON configuration file, including tuning the include and exclude rules to control the volume and fidelity of the events produced, and integration of the SYSMON data with Enterprise SIEM solutions, such as Splunk or Elastic

  • Ability to obtain a security clearance

  • HS diploma or GED
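The posting asks for hands-on experience deploying Sysmon and maintaining its configuration file. The script below is an added example, not part of the job posting and not Booz Allen's or Microsoft's code: it writes a minimal Sysmon configuration, installs or updates the service with it, and then runs the validation checks an engineer would do before calling a rollout complete. The binary and config paths, the service name `Sysmon64` (the name used when the 64-bit binary installs itself), the rule set, and the `schemaversion` value are assumptions chosen for illustration; a production configuration would carry many more rules.

```powershell
# Added example (not from the job posting): author, deploy and validate a Sysmon configuration.
# Paths, service name and the rule set below are assumptions for illustration.
$SysmonExe  = 'C:\Tools\Sysmon64.exe'        # assumed location of the Sysinternals binary
$ConfigPath = 'C:\Tools\sysmon-config.xml'   # assumed location for the rendered config

# Minimal configuration. schemaversion 4.50 is accepted by current Sysmon releases (assumption).
# An "exclude" rule logs everything except what is listed; an "include" rule logs only what is listed.
$SysmonConfig = @'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256,IMPHASH</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1: log every process creation except a known-noisy system binary -->
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <!-- Event ID 3: log network connections only when the initiating image is a script host -->
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">wscript.exe</Image>
        <Image condition="image">cscript.exe</Image>
      </NetworkConnect>
    </RuleGroup>
    <!-- Event ID 22: an empty exclude rule keeps every DNS query -->
    <RuleGroup name="DnsQuery" groupRelation="or">
      <DnsQuery onmatch="exclude"></DnsQuery>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $ConfigPath -Value $SysmonConfig -Encoding UTF8

# Install if the service is absent, otherwise push the new configuration in place.
# "-i <file>" installs the driver and service; "-c <file>" replaces the running configuration.
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    & $SysmonExe -c $ConfigPath
} else {
    & $SysmonExe -accepteula -i $ConfigPath
}

# Validation 1: the service is running.
$svc = Get-Service -Name 'Sysmon64'
if ($svc.Status -ne 'Running') { throw "Sysmon service state is $($svc.Status)" }

# Validation 2: Sysmon prints the configuration it actually loaded ("-c" with no file),
# and Event ID 16 records each configuration change, including the config file hash, for audit.
& $SysmonExe -c
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 16 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# Validation 3: event volume by ID over the last hour. An ID that never appears means its rule
# never fires; an ID that dominates the count is the first candidate for a new exclude rule.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; StartTime = $since } |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object @{ Name = 'EventId'; Expression = { $_.Name } }, Count
```

Run it from an elevated PowerShell session on a test host first. The per-ID counts from the last step are what drives the tuning loop the posting refers to: exclusions are added against the noisiest legitimate images, and the same query is rerun after each push until the volume reaching the SIEM is something the SOC can actually review.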

Additional Qualifications:

  • Experience with triaging security events in a SOC environment and leveraging data collected from enterprise security solutions

  • Experience providing support in a Tier I or II IT operations and maintenance role, including ticket updates, issue responses, and remediation

  • Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems

  • Ability to integrate cybersecurity data using enterprise or custom tools and data aggregation and analysis tools, including Splunk

  • Ability to provide content for deliverables, including written reports and technical documents, SOPs, configuration guides, and training and briefing materials

  • Possession of solid written and oral communication skills

  • Bachelor’s degree


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.


At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

The salary for this position will be determined based on various factors. The proposed salary range for this position in Colorado is $110,000 to $125,000.

We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.
