Sr. SIEM Engineer (Elastic + Confluent)

Overview

On Site
Depends on Experience
Contract - W2
Contract - Independent
Contract - 2 Year(s)
No Travel Required

Skills

5 years of hands-on experience in deployment and configuration and solution development using the Elastic Stack for security and logging use-cases.
Elasticsearch/Logstash/Kibana/Beats/Machine Learning and REST API integration
Strong technical foundation in building reliable/scalable and supportable systems
Experienced in Red Hat Enterprise Linux deployment and administration

Job Details

*** United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract.
Main Sail is seeking a Sr. SIEM Engineer specializing in Elastic Stack and Confluent in support of the PEO Enterprise SIEM Consolidation / Cyber Defense effort. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation.
Responsibilities:
Design, deploy, configure, and maintain Elastic stack and Confluent deployments
Manage, patch, and upgrade Elasticsearch, Confluent, and other related systems
Tune and optimize Elastic stack deployments based on application/customer needs
Design and configure ETL data pipelines to ingest customer defined data sets such as application logs, metrics, and or threat events
Create custom visualizations and dashboards using Kibana
Configure and maintain index templates and information lifecycle management (ILM) policies
Develop Elastic alerting solutions using Watcher and/or Kibana Rules and Connectors with integrations to ticketing systems, email, and messaging apps as required
Develop Machine Learning (ML) jobs to dynamically monitor and alert on identified metrics, KPIs, and/or data anomalies
Follow ITIL based change management processes to move solutions from Dev to Test and into Production
Run the day-to-day operations of the security operations center
Investigate incidents and lead response efforts as applicable
Required Skills:
A Secret clearance will be required to maintain this position
Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date
At least 5 years of hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use-cases. Specific experience with Elastic SIEM is plus
Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration
Experience integrating Elasticsearch with external systems (e.g. SOAR tools, Threat Client Platforms)
Experience with data management: hot/warm/cold architectures, shard allocation/re-allocation, snapshots & restoration
Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration
Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI
Experience with supporting the Elastic Stack in on-prem and SaaS environments including system monitoring and tuning
Experience securing the Elastic stack and hardening hosting environments
Experience with the design and implement of highly scalable solutions using the Elastic Stack
Experience in developing data structures, data mapping from various sources to achieve data normalization using Elastic Common Schema
Experience developing Logstash and/or Elastic Ingest Pipelines
Experience developing custom visualizations and dashboards using Kibana, including creating specialized reporting solutions through Elasticsearch and Kibana APIs to meet complex stakeholder requirements
Experience in end-to-end Low-level design, development, administration, and delivery of Elasticsearch based reporting solutions
Strong technical foundation in building reliable, scalable, and supportable systems
Experienced in Red Hat Enterprise Linux deployment and administration
Desired Skills:
Experience using and developing Ansible playbooks for automation of system deployment and/or configuration
Experience with developing in multiple languages (Python, Bash, PowerShell, Painless, etc.).
Understanding of the MITRE Telecommunication & CK framework
Certified Elastic Engineer or willingness to gain certification within 90 days of hire
Experience with cloud environments (e.g., Azure, AWS, Google Cloud Platform, etc.) and cloud security architecture
Experience condensing large environments to a single pane of glass view to facilitate optimal operational efficiency
Experience leading incident response and forensic investigative initiatives
Demonstrated ability to create and present executive level briefings
Experience with Army policies, regulations, and processes preferred
Location: Fort Belvoir, 4-5 days per week on-site/local only
Period: ASAP with additional option years through 4/30/27 likely.
*** United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.