Job Description:

We are seeking an Elastic SIEM Engineer for immediate hire, contingent upon contract award which is imminent. The successful candidate will be responsible for managing the Elastic Cloud Enterprise & Elasticsearch platforms for an agency in DHS within Swish Data’s Center of Excellence (COE). You will be focused on the day-to-day operations and improvement of the ECE cluster utilized as the SIEM function within this agency.

Successful candidates will need to be familiar with Elasticsearch, Kibana, Logstash, SOC operations, open-source security frameworks, and Linux.

This is an amazing opportunity for a cyber security engineer who thrives on protecting the US Government, and US citizens, from bad actors. Location for this position is in the Springfield VA area, primarily at a government facility.
Tasks within technical deployment and services:

  • Elastic SIEM solution development, integration, platform architecture, and capacity planning in mission-critical environments
  • Deploy additional Elastic clusters using infrastructure as code (Ansible playbooks)
  • Maintain, secure, and upgrade ECE deployments
  • Integrate log and sensor data into ELK
  • Data modeling, query development and optimization, and cluster tuning and scaling, with a focus on fast search and analytics at scale
  • Streamline cybersecurity tactics, techniques, and procedures
  • Create dashboards and reports in ELK
  • Leverage data analytics and machine learning algorithms for cyber operations
  • Provide adoption awareness and training for the ELK SIEM
  • Work with a multi-tenant platform and with its tenants to understand their requirements
  • Provide subject matter expertise to assist the rest of the team in their roles

Technical/Business Knowledge

  • 7+ years of IT experience with a focus on Linux system administration or cyber operations
  • 3+ years of hands-on experience sizing, monitoring, and managing open-source tools, including Kafka, Logstash, Beats, Elasticsearch, Kibana, or Splunk
  • Knowledge of planning and executing data retention and life cycle management plans
  • Hands-on experience administering Elasticsearch clusters (10+ data nodes)
  • Experience with Java, databases, and Linux
  • Knowledge of the information retrieval and/or analytics domain
  • Experience with load balancing, DNS, TLS certificate generation, and SAML integration
  • Experience working with data solutions in the public sector
  • Excel at working directly with customers to gather, prioritize, plan, and execute solutions to customer business requirements as they relate to our technologies
  • Active DoD Secret clearance

Bonus points

  • Elastic Certified Analyst (ECA) and/or Elastic Certified Engineer (ECE) certifications
  • Security+, CEH, RHCSA, LFCS, or similar certifications
  • Knowledge of NIST SP 800-53, DISA Security Technical Implementation Guides (STIGs), and risk management processes
  • Experience integrating enterprise-wide Elasticsearch deployments (10+ data nodes)
  • Hands-on experience with VMware virtualization
  • Experience as a technical instructor or technical writer