Senior Elastic Stack Data Integration Engineer Security Clearance

Position: Senior Elastic Stack Data Integration Engineer with Security Clearance
Description of Duties:
The Senior Elastic Stack Data Integration Engineer supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will:

• Serve as the primary technical authority for designing, building, and maintaining data ingestion pipelines supporting Elastic SIEM.

• Focus on creating scalable, resilient Logstash architectures

• Develop advanced pipeline logic

• Normalize, enrich, and transform security telemetry

• Ensure reliable delivery of high-fidelity data to Elasticsearch

Key Responsibilities:

• Architect, build, and maintain Logstash pipelines to ingest and transform logs from diverse systems, including network devices, servers, cloud services, and security platforms.

• Implement parsing, grok patterns, JSON transformations, conditional routing, enrichment logic, and ECS mapping.

• Optimize pipeline performance, resiliency, and scalability (e.g., persistent queues, pipeline workers, memory tuning, load balancing).

• Ensure all ingested data aligns to ECS (Elastic Common Schema) or internal schema requirements.

• Implement data enrichment workflows (GeoIP, threat intel lookups, metadata injection).

• Validate data completeness, integrity, and fidelity across ingestion flows.

• Maintain and optimize Logstash clusters, including version management, scaling, tuning, and high-availability configurations.

• Manage integrations with Beats, Elastic Agent, Kafka, syslog endpoints, and custom data collectors.

• Monitor ingestion throughput, latency, and error rates; implement proactive alerting and troubleshooting processes.

• Create and maintain technical documentation, including pipeline diagrams, data flow maps, runbooks, and schema references.

• Establish enterprise standards for parsing, enrichment, normalization, and ingestion patterns.

• Support internal and external audits by documenting data handling flows and pipeline logic.

• Work closely with SIEM integration engineers to align pipelines with customer environments and logging requirements.

• Partner with detection engineering teams to ensure data supports analytic coverage and rule development.

• Collaborate with infrastructure and platform operations for deployment, scaling, and reliability engineering. The successful candidate will:

• Have a deep command of Logstash architecture, patterns, and performance optimization.

• Have a mastery of parsing, enrichment, normalization, and ECS alignment.

• Have a strong understanding of network protocols, logging patterns, and telemetry generation from enterprise systems.

• Have advanced troubleshooting skills across data ingestion, pipeline logic, and Elastic Stack processing layers.

• Be able to design scalable, HA ingestion workflows with clear operational boundaries.

• Be able to conduct data modeling, schema design, and transformation mapping.

• Be effective at interfacing with multiple teams, gathering requirements, and aligning pipeline designs with SIEM analytics needs.

• Be focused on reliability, maintainability, and observability across all pipeline components.

• Have strong attention to detail and a disciplined approach to documentation, versioning, and configuration management.

• Be able to work independently, drive pipeline architecture decisions, and mentor junior engineers.

• Have strong documentation, workflow diagramming, and communication skills. Basic Requirements:

• Must have 10, or more, years of general (full-time) work experience
○ May be reduced with completion of advanced education

• Must have 5, or more, years of experience in log ingestion, data engineering, or SIEM pipeline development

• Must have 2, or more, years of experience working in a management or leadership role, mentoring and guiding other team members.

• Must have a strong background in Elastic Stack components (Elasticsearch, Kibana, Beats, Elastic Agent).

• Must have experience with data ingestion, processing, and enrichment techniques.

• Must have hands-on experience ingesting, processing, and normalizing diverse log types (Windows events, syslog, firewall logs, cloud telemetry, security tooling).

• Must be proficient with Linux administration,…