We are seeking an Elastic SIEM Engineer for immediate hire, contingent upon contract award which is imminent. The successful candidate will be responsible for managing the Elastic Cloud Enterprise & Elasticsearch platforms for an agency in DHS within Swish Data’s Center of Excellence (COE). You will be focused on the day-to-day operations and improvement of the ECE cluster utilized as the SIEM function within this agency.
Successful candidates will need to be familiar with Elasticsearch, Kibana, Logstash, SOC operations, open-source security frameworks, and Linux.
This is an amazing opportunity for a cyber security engineer who thrives on protecting the US Government, and US citizens, from bad actors. Location for this position is in the Springfield VA area, primarily at a government facility.
Tasks within technical deployment and services:
- Develop, integrate, architect, and capacity-plan the Elastic SIEM solution in mission-critical environments
- Deploy additional Elastic clusters using infrastructure as code (Ansible playbooks)
- Maintain, secure, and upgrade ECE deployments
- Integrate log and sensor data into ELK
- Perform data modeling, query development and optimization, and cluster tuning and scaling, with a focus on fast search and analytics at scale
- Streamline cybersecurity tactics, techniques, and procedures
- Create dashboards and reports in ELK
- Leverage data analytics and machine learning algorithms for cyber operations
- Provide adoption awareness and training for the ELK SIEM
- Work with tenants on a multi-tenant platform to understand their requirements
- Provide subject matter expertise to assist the rest of the team in their roles
Qualifications:
- 7+ years of IT experience with a focus on Linux system administration or cyber operations
- 3+ years of hands-on experience sizing, monitoring, and managing data pipeline and search platforms, whether open-source tools (Kafka, Logstash, Beats, Elasticsearch, Kibana) or Splunk
- Knowledge of planning and executing data retention and life cycle management plans
- Hands-on experience administering Elasticsearch clusters (10+ data nodes)
- Experience with Java, databases and Linux
- Knowledge of the information retrieval and/or analytics domain
- Experience with load balancing, DNS, TLS certificate generation, and SAML integration
- Experience working with data solutions in the public sector
- Ability to work directly with customers to gather, prioritize, plan, and execute solutions to their business requirements as they relate to our technologies
- Active DoD Secret clearance
- Elastic Certified Analyst and/or Elastic Certified Engineer certification
- Security+, CEH, RHCSA, LFCS or similar certifications.
- Knowledge of NIST 800-53 and DISA Security Technical Implementation Guides (STIGs), and risk management processes
- Experience integrating enterprise-wide Elasticsearch deployments (10+ data nodes)
- Hands-on experience with VMware virtualization
- Experience as a technical instructor or technical writer