Overview
On Site
Compensation: DOE (depends on experience)
Contract - W2
Contract - Independent
Contract - 12+ Month(s)
Skills
FISMA
FedRAMP
AWS Security Lake
Cribl Stream
M21-31
AWS Security Hub
Job Details
TECHNOGEN, Inc. has been a proven provider of full IT services, software development and solutions for 15 years.
TECHNOGEN is a small, woman-owned minority business with GSA Advantage certification. We have offices in VA and MD and offshore development centers in India. We have successfully executed 100+ projects for clients ranging from small businesses and non-profits to Fortune 50 companies and federal, state and local agencies.
Position: AWS Security Data Platform Engineer
Location: Remote, with quarterly visits to Rockville, MD.
Duration: 12-month initial contract (with 2 12-month renewal options)
Job Description:
Notes:
Clearance: Ability to obtain Public Trust clearance (required).
The client seeks an experienced contractor to architect, implement, and manage a comprehensive security data platform integrating AWS Security Lake, Cribl Stream, and AWS Security Hub.
Key Responsibilities:
AWS Security Lake Management
Design and implement Security Lake custom sources for OCSF compliance.
Configure native AWS log sources (CloudTrail, VPC Flow, GuardDuty, Config, Security Hub).
Establish 30-month retention policies for M21-31 federal compliance (12 months of active storage plus 18 months of cold storage).
Manage Security Lake subscribers and access controls.
Implement cross-account log aggregation across Client's AWS Organization.
Cribl Stream Platform Engineering
Deploy and manage Cribl Stream workers on AWS EKS.
Develop OCSF transformation pipelines for event normalization.
Implement intelligent data routing and cost optimization strategies.
Configure advanced data sampling and filtering for non-production environments.
Build custom parsers for Client-specific log sources and applications.
Manage Cribl-to-Security Lake integration with schema validation.
AWS Security Hub Integration
Configure Security Hub across all AWS accounts in Client's organization.
Implement custom findings aggregation and correlation rules.
Integrate Security Hub with existing SIEM and ticketing systems.
Develop automated remediation workflows for common security findings.
Multi-Tenant Architecture Design
Implement business unit separation (BHW, DCSP, HSB, DFI, PRF, DAPS, etc.).
Design environment-based access controls (Production, Non-Production, Sandbox).
Configure role-based access using AWS IAM Identity Center.
Establish data classification and handling procedures.
OpenSearch Security Analytics
Configure ingestion pipelines from Security Lake.
Implement index lifecycle management and retention policies.
Build dashboards and alerting rules.
Optimize query performance and storage costs.
Integrate with Client's existing SOC workflows.
Required Technical Expertise:
AWS Security Services (Expert Level)
AWS Security Lake: custom sources, OCSF schema, Lake Formation permissions.
AWS Security Hub: multi-account setup, custom insights, finding aggregation.
AWS Organizations: SCPs, account management, cross-account access.
AWS IAM: Identity Center, least-privilege access, cross-account roles.
AWS CloudTrail: management and data events, multi-region logging.
AWS Config: compliance rules, remediation actions, conformance packs.
Cribl Platform (Expert Level)
Stream workers, leaders, deployment architectures.
Parsing, transformation, and routing pipelines.
OCSF transformation: schema validation, field mapping, error handling.
Performance optimization: throughput tuning, memory management, scaling.
Integration patterns: S3, SQS, OpenSearch, Splunk, webhooks.
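Two of the items above, the OCSF transformation pipelines listed under Cribl Stream Platform Engineering and the schema validation, field mapping and error handling called out here, come down to the same task: mapping a raw record onto an OCSF class and rejecting anything that does not fit before it reaches Security Lake. The following is an added example, not code from the posting, TECHNOGEN or the client. It is plain JavaScript (the language of a Cribl Code function, but not a Cribl pipeline export) that maps constructed CloudTrail-style records onto the OCSF API Activity class and quarantines events that fail validation with the reason attached, rather than dropping them silently. The OCSF version string, the field set and the verb-prefix activity mapping are my assumptions and should be checked against the schema version the custom source declares.

```javascript
// Added example: normalize constructed CloudTrail-style records into the OCSF
// API Activity class and validate them before they are handed to a Security
// Lake custom source. Plain JavaScript, not a Cribl pipeline config. The field
// set follows the OCSF API Activity class as I know it; verify against the
// schema version your custom source declares (assumption: 1.1.0).

const OCSF_VERSION = "1.1.0";     // assumed schema version declared by the custom source
const CLASS_API_ACTIVITY = 6003;  // OCSF API Activity class_uid
const CATEGORY_APPLICATION = 6;   // OCSF Application Activity category_uid

// Map a CloudTrail eventName to an OCSF activity_id by verb prefix.
// Simplified heuristic (my assumption): anything unrecognised becomes 99 (Other)
// instead of being guessed, so analysts can see what the mapping did not cover.
function activityId(eventName) {
  if (/^(Create|Put|Run|Attach)/.test(eventName)) return 1;   // Create
  if (/^(Get|Describe|List|Lookup)/.test(eventName)) return 2; // Read
  if (/^(Update|Modify|Set)/.test(eventName)) return 3;        // Update
  if (/^(Delete|Detach|Terminate)/.test(eventName)) return 4;  // Delete
  return 99;                                                  // Other
}

// Field mapping: raw CloudTrail record -> OCSF API Activity event.
function normalizeCloudTrail(rec) {
  const activity = activityId(rec.eventName || "");
  const ev = {
    activity_id: activity,
    category_uid: CATEGORY_APPLICATION,
    class_uid: CLASS_API_ACTIVITY,
    type_uid: CLASS_API_ACTIVITY * 100 + activity, // OCSF rule: class_uid * 100 + activity_id
    severity_id: 1,                               // Informational; CloudTrail carries no severity
    time: Date.parse(rec.eventTime),              // epoch milliseconds, NaN if unparseable
    metadata: {
      version: OCSF_VERSION,
      product: { name: "CloudTrail", vendor_name: "AWS" },
      uid: rec.eventID,
    },
    api: { operation: rec.eventName, service: { name: rec.eventSource } },
    actor: {
      user: {
        name: rec.userIdentity && rec.userIdentity.arn,
        uid: rec.userIdentity && rec.userIdentity.principalId,
      },
    },
    cloud: { provider: "AWS", region: rec.awsRegion, account: { uid: rec.recipientAccountId } },
    src_endpoint: { ip: rec.sourceIPAddress },
  };
  // Keep anything without a typed home rather than losing it.
  if (rec.requestParameters !== undefined) ev.unmapped = { requestParameters: rec.requestParameters };
  return ev;
}

// Schema validation: return a list of problems; an empty list means acceptable.
function validateOcsf(ev) {
  const errors = [];
  for (const f of ["class_uid", "category_uid", "activity_id", "type_uid", "time", "metadata"]) {
    if (ev[f] === undefined || ev[f] === null) errors.push(`missing required field ${f}`);
  }
  if (ev.class_uid !== CLASS_API_ACTIVITY) errors.push(`unexpected class_uid ${ev.class_uid}`);
  if (ev.type_uid !== ev.class_uid * 100 + ev.activity_id) errors.push("type_uid does not match class_uid/activity_id");
  if (!Number.isFinite(ev.time)) errors.push("time is not a valid epoch millisecond timestamp");
  if (!ev.metadata || ev.metadata.version !== OCSF_VERSION) errors.push("metadata.version mismatch");
  if (!ev.api || !ev.api.operation) errors.push("api.operation is empty");
  return errors;
}

// Error handling: split a batch into lake-ready events and quarantined records
// carrying their rejection reasons, instead of silently dropping bad input.
function routeBatch(records) {
  const accepted = [], quarantined = [];
  for (const rec of records) {
    const ev = normalizeCloudTrail(rec);
    const errors = validateOcsf(ev);
    if (errors.length === 0) accepted.push(ev);
    else quarantined.push({ raw: rec, errors });
  }
  return { accepted, quarantined };
}

// Constructed sample records, not real telemetry. The second has a malformed
// eventTime and the third lacks eventName, so both must be quarantined.
const SAMPLE_RECORDS = [
  { eventTime: "2024-05-01T12:00:00Z", eventName: "CreateBucket", eventSource: "s3.amazonaws.com",
    eventID: "11111111-1111-1111-1111-111111111111", awsRegion: "us-east-1", recipientAccountId: "111122223333",
    sourceIPAddress: "198.51.100.7",
    userIdentity: { arn: "arn:aws:iam::111122223333:user/alice", principalId: "AIDAEXAMPLEPRINCIPAL" },
    requestParameters: { bucketName: "example-logs" } },
  { eventTime: "not-a-timestamp", eventName: "DescribeInstances", eventSource: "ec2.amazonaws.com",
    eventID: "22222222-2222-2222-2222-222222222222", awsRegion: "us-east-1", recipientAccountId: "111122223333" },
  { eventTime: "2024-05-01T12:05:00Z", eventSource: "iam.amazonaws.com",
    eventID: "33333333-3333-3333-3333-333333333333", awsRegion: "us-east-1", recipientAccountId: "111122223333" },
];

const result = routeBatch(SAMPLE_RECORDS);
console.log(`accepted=${result.accepted.length} quarantined=${result.quarantined.length}`);
for (const q of result.quarantined) console.log(q.raw.eventID, q.errors.join("; "));
```

The quarantine path is the part worth copying: a pipeline that drops or coerces malformed events produces gaps in the 30-month record that nobody notices until an investigation needs them, whereas a separate destination with the rejection reason is visible in a dashboard and can be replayed once the parser is fixed.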
Data Engineering & Analytics
OpenSearch index management, search optimization, and analytics.
Parquet/JSON formats and compression optimization.
AWS Glue crawlers, catalogs, schema evolution.
Amazon Athena query optimization and partitioning.
Time-series data management and retention.
Infrastructure & DevOps
AWS EKS: orchestration, scaling, and policies.
Terraform: IaC, state management, modular design.
AWS VPC: private connectivity, security groups.
Monitoring: CloudWatch, AWS X-Ray, performance monitoring.
CI/CD: GitLab/GitHub Actions, automated testing, deployment pipelines.
Domain Expertise Requirements:
Federal Compliance & Security
M21-31 logging requirements and implementation.
FISMA compliance frameworks and controls.
Incident response procedures and playbooks.
Data classification and handling for government agencies.
SOC 2 Type II and FedRAMP considerations.
Healthcare Sector Knowledge (Preferred)
HIPAA compliance and PHI data handling.
Healthcare threat landscape and attack patterns.
Medical device/IoT threat detection.
Healthcare-specific compliance reporting requirements.
Certifications & Experience:
Mandatory Certifications
AWS Certified Security Specialty.
One of: AWS Solutions Architect Professional OR AWS DevOps Engineer Professional.
Cribl Certified Administrator (or obtainable within 90 days).
Preferred Certifications
AWS Certified Advanced Networking Specialty.
CISSP.
CEH or equivalent.
Elasticsearch/OpenSearch Certified Engineer.
Experience Requirements
Minimum 7 years in security engineering and data platform architecture.
3+ years with AWS Security Lake & Security Hub.
3+ years production experience with Cribl Stream.
2+ years federal/government compliance (M21-31, FISMA, FedRAMP).
Best Regards,
Ashok Kumar
Sr. Talent Acquisition Specialist
Email:
Web:
4229 Lafayette Center Dr, Suite 1880, Chantilly, VA 20151
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.