Overview:
GovCIO is currently hiring for an Elastic/Security Information and Event Management (SIEM) SME to support implementation of multi-domain zero trust across 16th Air Force IT enclaves. Incumbents will be responsible for the operation, optimization, configuration, and maintenance of the Elastic Stack. Additionally, the incumbents will be responsible for integrating new data feeds into the Elastic Stack and optimizing reporting and data outputs. This is an onsite position located in San Antonio, TX.
Responsibilities:
* Design, configure, and optimize Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) to meet operational requirements.
* Develop and implement scalable Elastic solutions for data ingestion, processing, and visualization.
* Perform cluster management, including scaling, performance tuning, and troubleshooting.
* Collaborate with stakeholders to gather requirements and design Elastic-based solutions tailored to mission needs.
* Develop and document architecture diagrams, workflows, and technical specifications.
* Integrate Elastic Stack with other tools and platforms, such as SIEMs, data lakes, and cloud environments.
* Support incident response teams by providing real-time data analysis and visualization using Elastic tools.
* Implement security best practices for Elastic Stack, including role-based access control (RBAC), encryption, and auditing.
* Ensure compliance with DoD security standards, including DISA STIGs and RMF requirements.
* Develop scripts and automation tools for Elastic Stack deployment, configuration, and monitoring.
* Write custom parsers, filters, and pipelines for data ingestion and transformation.
* Collaborate with software development teams to integrate Elastic solutions into CI/CD pipelines.
* Monitor Elastic Stack performance and availability, ensuring high uptime and reliability.
* Perform regular upgrades, patching, and maintenance of Elastic components.
* Troubleshoot and resolve issues related to data ingestion, indexing, and querying.
Qualifications:
High school diploma with 10+ years of combined SIEM, incident response, or CND experience
Required Skills and Experience
* In-depth knowledge of Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats).
* Experience with Elastic cluster design, scaling, and performance optimization.
* Proficiency in creating custom dashboards, visualizations, and alerts in Kibana.
* Strong understanding of data ingestion, ETL pipelines, and log aggregation.
* Experience with JSON, REST APIs, and Elasticsearch Query DSL.
* Familiarity with data formats such as JSON, XML, and CSV.
* Knowledge of incident response processes and tools.
* Ability to analyze logs and events to support forensic investigations and threat hunting.
* Clearance Required: TS/SCI
* Elastic Certified Engineer or Elastic Certified Analyst.
* DoD 8570.01-M/DoD 8140 IAT Level II or III certification.
Preferred Skills and Experience
* Familiarity with cloud platforms (AWS, Azure, GCP) and Elastic Cloud.
* Experience with SIEM tools such as Splunk, ArcSight, or QRadar.
* Knowledge of network protocols, firewalls, and load balancers.
* Strong analytical and problem-solving skills.
* Excellent communication and documentation skills.
* Experience working within the Intelligence and/or DoD cyber communities.
* Elastic Certified Observability Engineer.
* GIAC Certified Incident Handler (GCIH).
* AWS Certified Solutions Architect or equivalent cloud certification.