Position: Cybersecurity (SIEM) Engineer
Location: Suffolk, VA
Clearance: Secret or Higher
Description:
Participate as member of DevSecOps team of analysts, engineers, civilian, and military personnel who identify and research solutions to solve mission needs. Using Agile methodology and relevant tools and technologies, apply your unique skills to approach and solve analytical cyber-security problems utilizing Elasticsearch tools.
This is a technical, hands-on role responsible for the successful operation of a variety of cybersecurity tools, logging framework, and cybersecurity infrastructure. Support written technical deliverables for customers and build new capabilities. Contributions to infrastructure, data pipeline, analytics dashboards, and other resources will be delivered to threat analysts for consumption. Enhance the Joint Staffs ability to secure systems and networks through implementation of the Elastic product familys SIEM tool.
Required Skills:
Candidate must have at least 6 years of experience in Engineering, Physics, Network Security, Information Systems or Computer Science to include: Systems Analysis, Systems Architecture, Systems/Equipment Support, Test and Evaluation, and Logistics support of C4ISR requirements.
2+ years' relevant experience with DoD Security practices and cyber security controls with an understanding of security methodologies.
2-3 years experience with the Elasticsearch platform and building an enterprise level Elasticsearch solution.
Configure multiple inputs (cloud, network appliances, Linux, Windows, Kubernetes, Application Monitoring) to ship logs to Elastic via syslog, secure syslog, REST API, SNMP, etc.
Facilitate data ingestion of logs including Extract, Transform, and Load (ETL) functions using Logstash, Beats, and other technologies to develop dashboards, visualization, and alerting.
Serve as SME and implement ELK (ElasticSearch, Logstash and Kibana, Beats, APM, Elastic Common Schema (ECS), Fleet, and Elastic Security) stack solutions using Elastic Cloud on Kubernetes.
Knowledge of Threat Intelligence feeds and their implantation in a SIEM.
Knowledge in Java, memory management, fine tuning etc.
Experience configuring and tuning Linux-based Operating Systems in support of Elastic products (including updates, memory optimization, etc.).
Provide Elastic Search tuning/optimizing based on application needs.
Design, deploy, configure, test, troubleshoot, maintain, update/upgrade of Elastic Stack environments.
Collaborate and work with a diverse group of engineers in developing solutions for ingesting heterogeneous datasets in large volumes.
SME on Indexing Data, Queries, Aggregations, Mappings. JSON and KQL query language.
Experience developing visualizations using Kibana.
Ability to integrate with other operational data platforms and tools including Kafka, xSOAR, etc.
Assist in the planning of resources to continuously optimize the infrastructure and configuration of Elasticsearch to ensure a healthy and high-performance production deployment.
Familiarity with TLS, certificates, SSO/PIV authentication, and encryption technologies.
Ability to Integrate other security processes (intelligence processing, IOC searching) into the Elastic environment.
Serve as a trusted SME for the customers Elastic environment, providing insights and recommendations on data tiering, best practices, and optimization of queries.
Ability to create documentation, data flow diagrams, and versioned code samples to illustrate system build and operation processes for SIEM environment.
Demonstrated ability to clearly and effectively communicate both verbally and in written format.
Good overall computer skills, including Microsoft Word, Microsoft Excel, and other MS Office applications.
Self-directed, results-oriented, and flexible; works well under pressure and adheres to tight deadlines.
Ability to multi-task and prioritize in a fast paced, team-oriented environment.
Education:
Bachelors Degree in Computer Science, Information Technology/Systems, engineering, or related field. In lieu of education, 12 years of relevant job experience may be substituted.
Certifications:
IA/Cybersecurity Workforce IAT Level II qualifying baseline certification required, i.e. CompTIA Security+ CE (or other approved from DoD Approved 8570 Baseline Certifications list), AND
Computing environment training certificate or certification in related discipline.
