Job Specifications
Job Title: Sr. SIEM Engineer (Elastic + Confluent)
Location: 100% Onsite at Fort Belvoir, VA
Mode: Contract
Required Certification: Security +
JD:
Seeking a Sr. SIEM Engineer specializing in Elastic Stack and Confluent in support of the PEO Enterprise SIEM Consolidation / Cyber Defense effort. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation.
Responsibilities:
• Design, deploy, configure, and maintain Elastic stack and Confluent deployments
• Manage, patch, and upgrade Elasticsearch, Confluent, and other related systems
• Tune and optimize Elastic stack deployments based on application/customer needs
• Design and configure ETL data pipelines to ingest customer defined data sets such as application logs, metrics, and or threat events
• Create custom visualizations and dashboards using Kibana
• Configure and maintain index templates and information lifecycle management (ILM) policies
• Develop Elastic alerting solutions using Watcher and/or Kibana Rules and Connectors with integrations to ticketing systems, email, and messaging apps as required
• Develop Machine Learning (ML) jobs to dynamically monitor and alert on identified metrics, KPIs, and/or data anomalies
• Follow ITIL based change management processes to move solutions from Dev to Test and into Production
• Run the day-to-day operations of the security operations center
• Investigate incidents and lead response efforts as applicable
Required Skills:
• A Secret clearance will be required to maintain this position
• Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date
• At least 5 years of hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use-cases. Specific experience with Elastic SIEM is plus
• Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration
• Experience integrating Elasticsearch with external systems (e.g. SOAR tools, Threat Intel Platforms)
• Experience with data management: hot/warm/cold architectures, shard allocation/re-allocation, snapshots & restoration
• Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration
• Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI
• Experience with supporting the Elastic Stack in on-prem and SaaS environments including system monitoring and tuning
• Experience securing the Elastic stack and hardening hosting environments
• Experience with the design and implement of highly scalable solutions using the Elastic Stack
• Experience in developing data structures, data mapping from various sources to achieve data normalization using Elastic Common Schema
• Experience developing Logstash and/or Elastic Ingest Pipelines
• Experience developing custom visualizations and dashboards using Kibana, including creating specialized reporting solutions through Elasticsearch and Kibana APIs to meet complex stakeholder requirements
• Experience in end-to-end Low-level design, development, administration, and delivery of Elasticsearch based reporting solutions
• Strong technical foundation in building reliable, scalable, and supportable systems
• Experienced in Red Hat Enterprise Linux deployment and administration
Desired Skills:
• Experience using and developing Ansible playbooks for automation of system deployment and/or configuration
• Experience with developing in multiple languages (Python, Bash, PowerShell, Painless, etc.).
• Understanding of the MITRE ATT&CK framework
• Certified Elastic Engineer or willingness to gain certification within 90 days of hire
• Experience with cloud environments (e.g., Azure, AWS, GCP, etc.) and cloud security architecture
• Experience condensing large environments to a single pane of glass view to facilitate optimal operational efficiency
• Experience leading incident response and forensic investigative initiatives
• Demonstrated ability to create and present executive level briefings
• Experience with Army policies, regulations, and processes preferred
About Seneca Resources
At Seneca Resources, we are more than just a staffing and consulting firm, we are a trusted career partner. With offices across the U.S. and clients ranging from Fortune 500 companies to government organizations, we provide opportunities that help professionals grow their careers while making an impact.
When you work with Seneca, you’re choosing a company that invests in your success, celebrates your achievements, and connects yo