Cyber Platform Engineer - Elastic SIEM Security Clearance

Job in Lexington, Middlesex County, Massachusetts, 02420, USA
Listing for: Gridiron IT Solutions
Full Time position
Listed on 2026-03-01
Job specializations:
  • IT/Tech
    Systems Engineer, Cybersecurity
  • Engineering
    Systems Engineer, Cybersecurity
Job Description & How to Apply Below
Position: Cyber Platform Engineer - Elastic SIEM with Security Clearance
We're looking for a hands-on engineer who can deploy, operate, and scale Elastic SIEM across AWS GovCloud and on-premises environments supporting DoW operations. This isn't a single-track role: you'll work across cloud infrastructure, Kubernetes platforms, and security operations, often in the same week.
This position directly supports mission-critical systems across multiple classification levels (IL4, IL5, IL6) and requires someone comfortable working in complex, regulated environments where security and reliability aren't optional.
We're realistic about what we're asking for. This role spans three domains:
• AWS Engineering – VPCs, IAM, EKS, GovCloud
• Platform Engineering – Kubernetes, Helm, Terraform, CI/CD
• Elastic SIEM – Deployment, detection engineering, SOC integration
We're looking for someone who's an expert in two of these areas and competent in the third. We'll help you grow where you need it.
What You'll Actually Do Day-to-day (~30% SIEM, ~30% Platform, ~30% AWS, ~10% Coordination):
• Deploy and operate Elastic Security clusters across AWS GovCloud and on-prem environments
• Build and maintain the underlying infrastructure—EKS clusters, Terraform modules, CI/CD pipelines
• Onboard log sources, build ingest pipelines, and create detection content that actually catches things
• Troubleshoot the full stack—from AWS networking to Kubernetes pods to Elasticsearch performance
• Work with SOC analysts to tune alerts, reduce noise, and improve detection coverage
• Document architectures and participate in RMF/ATO activities (you won't own this, but you'll contribute)
• Coordinate with vendors, government stakeholders, and cross-functional teams
Projects you might work on:
• Establishing IdP integrations for multi-tenancy support
• Designing a multi-node Elastic cluster that handles 100K+ EPS with proper tiering
• Building Terraform modules for repeatable SIEM deployments across enclaves
• Creating detection content mapped to MITRE ATT&CK for specific threats
• Integrating Elastic with existing SOC tools and incident response workflows
What We're Looking For
• Required SECRET CLEARANCE
• Experience in DoW IL4+ environments – You understand the constraints and can work within them
• Hands-on expertise in at least TWO of the following:
AWS Engineering (Expert)
• VPC architecture (subnets, security groups, NACLs, transit gateway, VPC endpoints)
• IAM policies, roles, and cross-account patterns
• Core services depth: EC2, S3, EKS, CloudWatch, CloudTrail, KMS
• AWS GovCloud experience strongly preferred
• Can troubleshoot at the network and API level, not just console clicking
Platform Engineering (Expert)
• Kubernetes administration (EKS, RKE2, or similar—not just kubectl user)
• Helm chart development or significant customization
• Terraform (writing modules, managing state, not just terraform apply)
• CI/CD pipeline design (GitLab CI, GitHub Actions, ArgoCD, or similar)
• Container troubleshooting (networking, storage, resource constraints)
Elastic SIEM Engineering (Expert)
• Elastic Stack deployment and administration (Elasticsearch, Kibana, Fleet, Elastic Agent)
• Detection rule development using Elastic Security
• Ingest pipeline creation (parsing, normalization, ECS mapping)
• KQL proficiency for queries and detection logic
• Index lifecycle management and cluster performance tuning
Competence in the third area – You don't need to be an expert, but you should be able to operate with guidance and learn quickly
Scripting ability – Python and/or Bash for automation, log parsing, and tooling
Communication skills – Can explain technical decisions to non-technical stakeholders and document your work
Preferred
• Experience with cross-domain solutions and multi-classification environments
• STIG hardening and compliance scanning (ACAS, Nessus, SCAP)
• Detection engineering methodology (ATT&CK mapping, purple team validation)
• Air-gapped/disconnected deployment experience
• Prior military or DoW contractor experience
Certifications (Nice to Have, Not Required)
• AWS Solutions Architect (Associate or Professional)
• Elastic Certified Engineer or Analyst
• CKA/CKAD (Kubernetes)
• Security+ (often…