Security Engineer
Listed on 2026-06-07
IT/Tech
Cybersecurity, Systems Engineer
We need a technical professional responsible for designing, building, and maintaining systems that protect an organization’s data, networks, and IT infrastructure from cyber-attacks. In this position, you will focus on proactive defense by creating secure architectures and automated defenses.
What You’ll Work On
- Design and deploy firewalls, intrusion detection systems or intrusion prevention systems (IDS/IPS), and encryption protocols.
- Conduct regular penetration tests and security audits to identify and patch system weaknesses.
- Perform Identity and Access Management (IAM), including implementing policies to ensure only authorized users can access sensitive company data.
- Lead or assist in the technical response to security breaches, including digital forensics and damage mitigation.
- Create and enforce company-wide security standards such as password management and data classification.
- Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management.
- Manage infrastructure and cybersecurity controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises.
- Lead risk and vulnerability assessments in network, system, and application areas.
- Leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.
- 6+ years of experience administering Elastic Stack, including Elasticsearch, Kibana, Logstash, Beats, or Fleet.
- Experience managing Elasticsearch index lifecycle policies, index templates, and data streams at scale, and building Kibana dashboards, visualizations, and lens-based analytics for security operations.
- Experience with Elastic Security detection rules, alerts, and case management workflows.
- Experience with log ingestion pipeline design, including parsing, enrichment, and normalization across heterogeneous log sources such as network, endpoint, identity, and cloud.
- Experience with Elastic Common Schema (ECS) and mapping non-standard log sources into ECS‑compliant fields.
- Experience with ES|QL or EQL for advanced threat hunting and detection‑as‑code workflows.
- Experience working in a DoD, IC, or federal cybersecurity environment such as SOC, SIEM operations, or defensive cyber.
- HS diploma or GED.
- Secret clearance.
- Experience building SOAR‑related automation around Elastic, including webhook actions, connector integrations, or n8n / XSOAR orchestration.
- Experience with Elastic's transforms and runtime fields for creating enriched security datasets and risk scoring indices.
- Experience with RAG architectures or vector search in Elasticsearch for security knowledge retrieval, including TTP lookup and incident context enrichment.
- Experience with Elastic's ML jobs, including for User and Entity Behavior Analytics (UEBA), rare process detection, or anomalous login patterns.
- Experience with Elastic AI Assistant or integration of LLMs into Elastic Security workflows such as natural language querying and alert triage assistance.
- Experience building or fine‑tuning ML models outside Elastic, including Python, scikit‑learn, and PyTorch, for security use cases such as threat detection or lateral movement scoring.
- Knowledge of AI/ML concepts applied to security analytics such as anomaly detection, behavioral baselining, or threat scoring.
- TS/SCI clearance.
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
Salary range: $ to $ (annualized USD). The compensation package includes health, life, disability, financial, and retirement benefits, paid leave, professional development, tuition assistance, work‑life programs, and dependent care. Employees working at least 20 hours a week are eligible for Booz Allen’s benefit programs.
EEO Statement
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, local, or international law.