
Sr. SIEM Engineer Security Clearance

Job in Fort Belvoir, Fairfax County, Virginia, 22060, USA
Listing for: NasTech Global, Inc.
Full Time position
Listed on 2025-12-17
Job specializations:
  • IT/Tech
    Systems Engineer, Data Engineer
Position: Sr. SIEM Engineer with Security Clearance
Role: Sr. SIEM Engineer (Elastic + Confluence)

Location: 5 days onsite in Ft. Belvoir, VA

Duration: Long Term Contract

Citizenship: US Citizen (able to obtain Secret Clearance)

Candidates either need to be Elastic Certified or be willing to obtain an Elastic Certification within the first 90 days. Looking for a SME with security and transport experience as well as experience working with the systems feeding Elastic.

Top Requirements:

• Elastic

• Confluence

• Security+ or any IAT Level II Cert

• SIEM experience

Responsibilities:

• Design, deploy, configure, and maintain Elastic stack and Confluent deployments

• Manage, patch, and upgrade Elasticsearch, Confluent, and other related systems

• Tune and optimize Elastic stack deployments based on application/customer needs

• Design and configure ETL data pipelines to ingest customer defined data sets such as application logs, metrics, and or threat events

• Create custom visualizations and dashboards using Kibana

• Configure and maintain index templates and information lifecycle management (ILM) policies

• Develop Elastic alerting solutions using Watcher and/or Kibana Rules and Connectors with integrations to ticketing systems, email, and messaging apps as required

• Develop Machine Learning (ML) jobs to dynamically monitor and alert on identified metrics, KPIs, and/or data anomalies

• Follow ITIL based change management processes to move solutions from Dev to Test and into Production

• Run the day-to-day operations of the security operations center

• Investigate incidents and lead response efforts as applicable

Required Skills:

• A Secret clearance will be required to maintain this position

• Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date

• At least 5 years of hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use-cases. Specific experience with Elastic SIEM is a plus

• Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration

• Experience integrating Elasticsearch with external systems (e.g. SOAR tools, Threat Intel Platforms)

• Experience with data management: hot/warm/cold architectures, shard allocation/re-allocation, snapshots & restoration

• Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration

• Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI

• Experience with supporting the Elastic Stack in on-prem and SaaS environments including system monitoring and tuning

• Experience securing the Elastic stack and hardening hosting environments

• Experience with the design and implementation of highly scalable solutions using the Elastic Stack

• Experience in developing data structures, data mapping from various sources to achieve data normalization using Elastic Common Schema

• Experience developing Logstash and/or Elastic Ingest Pipelines

• Experience developing custom visualizations and dashboards using Kibana, including creating specialized reporting solutions through Elasticsearch and Kibana APIs to meet complex stakeholder requirements

• Experience in end-to-end Low-level design, development, administration, and delivery of Elasticsearch based reporting solutions

• Strong technical foundation in building reliable, scalable, and supportable systems

• Experienced in Red Hat Enterprise Linux deployment and administration

Desired Skills:

• Experience using and developing Ansible playbooks for automation of system deployment and/or configuration

• Experience with developing in multiple languages (Python, Bash, PowerShell, Painless, etc.)

• Understanding of the MITRE ATT&CK framework

• Certified Elastic Engineer or willingness to gain certification within 90 days of hire

• Experience with cloud environments (e.g., Azure, AWS, GCP, etc.) and cloud security architecture

• Experience condensing large environments to a single pane of glass view to facilitate optimal operational efficiency

• Experience leading incident response and forensic investigative initiatives

• Demonstrated ability to create and present executive level briefings

• Experience with Army policies, regulations, and processes preferred

Thanks and Regards
Murali Sharma