Senior Elastic Stack Data Integration Engineer
Listed on 2026-06-23
IT/Tech
Systems Engineer, Data Engineering, Cloud Computing: Infrastructure & Operations
At cb5, we are on a mission to find exceptional talent. Our tight-knit organization is led by five brothers, each a technology leader in their respective technical field and driven to foster a culture of excellence through solidarity. We are seeking a Senior Elastic Stack Data Integration Engineer to serve as a member of a Service Infrastructure team. This team is on the front lines, shaping the systems that protect us from advanced threats.
We are looking for highly motivated, results-oriented professionals who thrive on solving complex technical challenges in a dynamic environment.
The Senior Elastic Stack Data Integration Engineer supports a DOD/DOW customer and will serve as the primary technical authority for designing, building, and maintaining data ingestion pipelines supporting Elastic SIEM. This role focuses on creating scalable, resilient Logstash architectures; developing advanced pipeline logic; normalizing, enriching, and transforming security telemetry; and ensuring reliable delivery of high-fidelity data to Elasticsearch.
This is a full-time position working onsite at a location in Colorado Springs, CO or Huntsville, AL, requiring less than 10% travel.
Key Responsibilities:
- Architect, build, and maintain Logstash pipelines to ingest and transform logs from diverse systems, including network devices, servers, cloud services, and security platforms.
- Implement parsing, grok patterns, JSON transformations, conditional routing, enrichment logic, and ECS mapping.
- Optimize pipeline performance, resiliency, and scalability (e.g., persistent queues, pipeline workers, memory tuning, load balancing).
- Ensure all ingested data aligns to ECS (Elastic Common Schema) or internal schema requirements.
- Implement data enrichment workflows (GeoIP, threat intel lookups, metadata injection).
- Validate data completeness, integrity, and fidelity across ingestion flows.
- Maintain and optimize Logstash clusters, including version management, scaling, tuning, and high-availability configurations.
- Manage integrations with Beats, Elastic Agent, Kafka, syslog endpoints, and custom data collectors.
- Monitor ingestion throughput, latency, and error rates; implement proactive alerting and troubleshooting processes.
- Create and maintain technical documentation, including pipeline diagrams, data flow maps, runbooks, and schema references.
- Establish enterprise standards for parsing, enrichment, normalization, and ingestion patterns.
- Support internal and external audits by documenting data handling flows and pipeline logic.
- Work closely with SIEM integration engineers to align pipelines with customer environments and logging requirements.
- Partner with detection engineering teams to ensure data supports analytic coverage and rule development.
- Collaborate with infrastructure and platform operations for deployment, scaling, and reliability engineering.
The successful candidate will have:
- Demonstrated ability to work independently, drive pipeline architecture decisions, and mentor junior engineers.
- Strong documentation, workflow diagramming, and communication skills.
- Deep command of Logstash architecture, patterns, and performance optimization.
- Mastery of parsing, enrichment, normalization, and ECS alignment.
- Strong understanding of network protocols, logging patterns, and telemetry generation from enterprise systems.
- Advanced troubleshooting skills across data ingestion, pipeline logic, and Elastic Stack processing layers.
- Capability to design scalable, HA ingestion workflows with clear operational boundaries.
- Ability to conduct data modeling, schema design, and transformation mapping.
- Effective at interfacing with multiple teams, gathering requirements, and aligning pipeline designs with SIEM analytics needs.
- Focused on reliability, maintainability, and observability across all pipeline components.
- Strong attention to detail and a disciplined approach to documentation, versioning, and configuration management.
- 5+ years of experience in log ingestion, data engineering, or SIEM pipeline development.
- 2+ years of experience in a lead or senior role, mentoring and guiding other team members.
- Must…