SIEM Platform Engineer

Booz Allen Hamilton · Arlington, VA, United States
Arlington, VA, United States · Exp: 1+ yrs · 77,600-176,000 USD/yearly · Hybrid
Remuneration
77,600-176,000 USD/yearly
Location
Arlington, VA, United States
Visa sponsorship
Not specified

Job summary

Work with clients and peers to build a high-performing system using Elastic to aggregate logs from many systems into a single common schema. Create quality visualizations and alerts for threat hunting, maintain infrastructure, and identify problems or anomalous behavior. Work with vendors to determine best practices for deployment and maintenance of system architecture within designated security requirements.

Benefits

  • Health benefits
  • Life benefits
  • Disability benefits
  • Financial benefits
  • Retirement benefits
  • Paid leave
  • Professional development
  • Tuition assistance
  • Work-life programs
  • Dependent care
  • Recognition awards program

Qualifications

  • 1+ years of experience with SIEM platforms
  • Experience designing data pipeline architectures for security operations
  • Experience with log collection, normalization, enrichment, and routing
  • Experience with Elastic Stack, Logstash, Elasticsearch, Kibana, and Beats
  • Experience installing, configuring, maintaining, upgrading, and troubleshooting Elastic Stack products
  • Knowledge of EDR, NDR, or full-packet capture solutions
  • Knowledge of deploying platforms across cloud, on-premises, and disconnected environments using Kubernetes or OpenShift
  • Knowledge of Elastic Index Lifecycle Management (ILM)
  • TS/SCI clearance
  • HS diploma or GED

Responsibilities

  • Build high-performing systems using Elastic to aggregate logs into a common schema
  • Use Elastic Common Schema (ECS) formatted fields
  • Create quality visualizations and alerts for threat hunting
  • Maintain infrastructure
  • Identify problems or anomalous behavior
  • Work with vendors to determine best practices for deployment and maintenance of system architecture
  • Deploy systems within designated security requirements

Skills

Docker, ECS, Elasticsearch, Fluentd, Kafka, Kibana, Kubernetes, Logstash, OpenShift, Python, Splunk

Certifications

Security+, CISSP, CISSP-ISSEP, CASP+

Degrees

HS diploma, GED

Security clearance

TS/SCI clearance

Relocation

No