Senior SIEM Engineer (Elastic + Confluent)

Senior SIEM Engineer (Elastic + Confluent)

Location: Fort Belvoir, VA - Onsite

Description & Responsibilities:

• Design, deploy, configure, and maintain Elastic SIEM solutions, including Elasticsearch, Logstash, Kibana, and Beats across on-premises and cloud environments.
• Optimize Elastic Stack performance, scalability, and reliability for high-volume security data ingestion and analysis.
• Develop and manage data ingestion pipelines, ensuring efficient and secure collection of logs and events from diverse sources.
• Create and fine-tune detection rules, correlation logic, and alerts to identify and respond to security threats effectively.
• Develop and customize Kibana dashboards, visualizations, and reports to provide actionable security insights for various stakeholders.
• Implement and manage Elastic Common Schema (ECS) for data normalization and consistency.
• Stay up-to-date with the latest Elastic Security features and best practices.
• Design, deploy, and manage Confluent Platform/Apache Kafka clusters for real-time data streaming of security events.
• Develop and maintain Kafka producers and consumers for seamless data flow between security tools and the Elastic SIEM.
• Utilize Kafka Streams or ksqlDB for in-flight data processing, enrichment, and filtering before ingestion into Elastic SIEM.
• Ensure the scalability, fault tolerance, and security of the Kafka infrastructure.
• Integrate Kafka with other data sources and security tools to feed relevant data into the SIEM.
• Collaborate with Security Operations Center (SOC) analysts to tune detection rules and improve alert fidelity.
• Assist in incident investigation and forensic analysis by leveraging SIEM data and capabilities.
• Develop and implement threat hunting methodologies using Elastic SIEM.
• Contribute to the development and refinement of incident response playbooks.
• Automate routine tasks related to SIEM and Kafka management using scripting languages (e.g., Python, PowerShell, Bash).
• Monitor system health, performance, and capacity of both Elastic and Confluent environments.
• Implement and adhere to change management processes for all SIEM and Kafka related modifications.
• Document SIEM/Kafka architectures, configurations, processes, and playbooks.
• Provide technical guidance and mentorship to junior security engineers and analysts.

Experience:

• 5/10 years of hands-on experience in SIEM engineering and administration.
• Minimum 3 years of experience specifically with the Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) for SIEM use cases.
• Minimum 2 years of experience with Confluent Platform/Apache Kafka in a production environment.
• Elastic Stack Expertise/ Deep understanding of Elasticsearch indexing, querying, and cluster management. Proficiency in Logstash pipeline development, Beats configuration, and Kibana for visualization and alerting. Experience with Elastic SIEM modules and detections is highly desirable.
• Confluent Platform/Kafka Expertise/ Strong knowledge of Kafka architecture, topics, partitions, producers, consumers, Kafka Connect, and stream processing (ksqlDB, Kafka Streams).
• Proficient in at least one scripting language such as Python, PowerShell, or Bash for automation.
• Experience with developing parsers and transforming diverse log formats (syslog, JSON, CEF, LEEF) into a standardized format (ECS).
• Solid understanding of cybersecurity principles, threat landscapes, attack vectors, and incident response methodologies.

Desired Certifications & Qualifications:

• Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Elastic Certified Engineer
• Confluent Certified Developer/Administrator
• CISSP, CEH, CompTIA Security+ or equivalent