Elastic Engineer

Zachary Piper Solutions is seeking an Elastic Engineer to support a mission‑critical federal program at Schriever Space Force Base (SFB). This on‑site role focuses on designing, implementing, and maintaining large‑scale log ingestion architectures using the Elastic Stack. The ideal candidate brings deep expertise in Logstash pipeline engineering, ECS normalization, and high‑volume ingestion across heterogeneous data sources, including restricted and air‑gapped environments.

• Design and deploy ingestion pipelines for:
  • Endpoint security telemetry
  • Network devices and firewalls
  • Cloud security platforms
  • Linux audit logs
  • Windows Event Logs
  • Kubernetes/Open Shift logs
  • Custom application logs
• Normalize incoming data into Elastic Common Schema (ECS) compliant formats
• Implement parsing using Grok
  , Dissect
  , KV
  , JSON decoding
  , and Translate filters
• Design and manage multi‑pipeline Logstash architectures
  , including pipeline‑to‑pipeline routing and output isolator patterns
• Tune Logstash JVM performance and troubleshoot ingestion bottlenecks
• Deploy and manage Elastic Agents using Fleet Server and centralized policy management
• Support air‑gapped artifact and package repositories
• Implement ingestion resiliency, redundancy, and failover strategies
• Validate ingestion correctness, ECS alignment, and lifecycle management compliance
• Support high‑availability production environments, including restricted and disconnected networks

• 3+ years of hands‑on Elastic Stack experience
• Advanced Logstash pipeline engineering expertise
• Strong knowledge of Elastic Common Schema (ECS)
• Linux administration experience
• Proven experience troubleshooting high‑volume ingestion and pipeline performance issues

• Experience with air‑gapped Elastic deployments
• Kubernetes/Open Shift logging ingestion experience
• Elastic Defend and SIEM ingestion experience
• Automation experience with Ansible
  , Python, Bash, or similar scripting tools

• Improved ingestion reliability and resiliency
• Reduced dropped or malformed events
• Increased pipeline throughput and stability
• Consistent, standardized ECS mapping implementation

• Location: Schriever Space Force Base (SFB)
• Environment: On‑site, secure facility
• Collaboration with cybersecurity, platform engineering, and mission operations teams

• Salary Range: (depends on experience)
• Benefits: Medical, Dental, Vision, 401K, PTO, Sick Leave (as required), Holidays

#LI-RE1 #LI-Onsite elastic engineer, elastic stack, logstash, kibana, elasticsearch, elastic agent, fleet server, ingestion pipelines, ECS, elastic common schema, grok, dissect, kv filter, json filter, translate filter, multi‑pipeline logstash, pipeline‑to‑pipeline routing, output isolator, JVM tuning, ingestion performance, high‑volume logging, linux, air‑gapped environments, restricted networks, SIEM ingestion, elastic defend, kubernetes logging, openshift logging, ansible automation, scripting, python, bash, endpoint telemetry, cloud security logs, windows event logs, linux audit logs, network device logs, observability, data normalization, schriever SFB, cleared engineer, federal security, mission‑critical systems.