Senior Security Integration Engineer; Elastic Stack Security Clearance

Position: Senior Security Integration Engineer (Elastic Stack) with Security Clearance
Description of Duties:
The Senior Security Integration Engineer (Elastic Stack) supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:

• Serve as a customer-facing technical lead responsible for onboarding, integrating, and optimizing security data sources into the Elastic Security Platform.

• Collaborate with customer technical teams to map their environment, plan ingestion strategies, update network and data flow diagrams, validate logging pipelines, and ensure successful end-to-end SIEM integration.

Key Responsibilities:

• Lead customer-facing technical discussions related to onboarding systems and data sources into Elastic SIEM.

• Conduct assessments of customer environments and identify required logging, telemetry, and network visibility gaps.

• Translate customer operational requirements into ingestion roadmaps and technical implementation plans.

• Develop, maintain, and version-control network diagrams, data flow diagrams, and SIEM onboarding documentation.

• Produce runbooks, integration guides, and operational reference materials.

• Monitor ingestion health and coordinate issue resolution with customers and internal teams.

• Ensure adherence to security policies, logging standards, and architectural governance.

• Provide technical guidance and mentorship to junior engineers working on data ingestion and SIEM onboarding tasks.

• Contribute to onboarding playbooks, best practices, and internal training sessions.

• Serve as a subject-matter expert on Elastic SIEM capabilities and logging integration patterns. The successful candidate will:

• Have expert proficiency with Elastic Stack design, ingestion, and optimization.

• Have advanced competency in network architecture, security telemetry, and log analytics.

• Have strong troubleshooting skills covering ingestion failures, ECS issues, agent deployment, and pipeline errors.

• Be skilled at engaging customers, translating requirements, and articulating complex integrations clearly.

• Be effective at producing structured, high-quality documentation and diagrams.

• Be able to execute ownership of complex projects from planning through execution.

• Be detail-oriented with a focus on accuracy, completeness, and mission assurance.

• Be able to balance customer requirements with architectural standards and best practices. Basic Requirements:

• Must have 10, or more, years of general (full-time) work experience
○ May be reduced with completion of advanced education

• Must have 5, or more, years of experience in cybersecurity engineering, systems integration, or SIEM operations

• Must have 2, or more, years of experience working in a management or leadership role, mentoring and guiding other team members

• Must have a strong understanding of enterprise networks, including routing, switching, VPNs, firewalls, and network security tools.

• Must have experience with data ingestion, processing, and enrichment techniques.

• Must be able to build and maintain network and data flow diagrams (e.g., Visio, Lucidchart, Draw.io).

• Must be proficient in Linux systems, command-line tools, and system administration fundamentals.

• Must have experience working directly with customers in a technical consulting or engineering capacity.
Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP,
GSEC, Security+ CE, CND, SSCP)
•

• Must have an active DoD Secret Security Clearance

• Must be able to obtain an active DoD Top Secret Security Clearance
Desired Requirements:

• Be an Elastic Certified Engineer, Elastic Certified Analyst, or have relevant Elastic certifications.

• Have experience with cloud platforms and logging pipelines (AWS, Azure, GCP, cloud-native telemetry).

• Be familiar with ECS (Elastic Common Schema) and data normalization best practices.

• Have experience implementing detection engineering or threat hunting workflows in Elastic Security.

• Have knowledge of scripting languages (Python, Power Shell, Bash) to automate ingestion and data validation.

• Have experience integrating EDR, NDR, IAM, and vulnerability management logs into a SIEM.

• Have an understanding of MITRE ATT&CK, cyber kill chain, and threat intelligence ingestion.

• Have experience mentoring or leading small technical teams.