Talent.com
Sr. SIEM Engineer (Elastic+Confluence)
USM • Fort Belvoir, VA, United States
2 days ago
Job type
  • Temporary
Job description
  • Start Date :
  • Interview Types :
  • Skills : Elastic, Confluence, S..
  • Visa Types : Green Card
  • Company : Accenture (supporting Army)
  • Role : Sr. SIEM Engineer (Elastic+Confluence)

    Location : 5 days onsite in Ft. Belvoir, VA

    Duration : Long Term Contract

    Citizenship : US Citizen (able to obtain Secret Clearance)

    Rate : $80 an hour (some flex)

    Top Requirements :

    • Elastic
    • Confluence
    • Security+ or any IAT Level II Cert
    • SIEM experience

    Responsibilities :

    • Design, deploy, configure, and maintain Elastic Stack and Confluent deployments
    • Manage, patch, and upgrade Elasticsearch, Confluent, and other related systems
    • Tune and optimize Elastic Stack deployments based on application / customer needs
    • Design and configure ETL data pipelines to ingest customer-defined data sets such as application logs, metrics, and / or threat events
    • Create custom visualizations and dashboards using Kibana
    • Configure and maintain index templates and index lifecycle management (ILM) policies
    • Develop Elastic alerting solutions using Watcher and / or Kibana Rules and Connectors, with integrations to ticketing systems, email, and messaging apps as required
    • Develop Machine Learning (ML) jobs to dynamically monitor and alert on identified metrics, KPIs, and / or data anomalies
    • Follow ITIL-based change management processes to move solutions from Dev to Test and into Production
    • Run the day-to-day operations of the security operations center
    • Investigate incidents and lead response efforts as applicable

    Required Skills :

    • A Secret clearance will be required to maintain this position
    • Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date
    • At least 5 years of hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use cases. Specific experience with Elastic SIEM is a plus
    • Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration
    • Experience integrating Elasticsearch with external systems (e.g., SOAR tools, Threat Intel Platforms)
    • Experience with data management : hot / warm / cold architectures, shard allocation / re-allocation, snapshots & restoration
    • Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration
    • Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI
    • Experience supporting the Elastic Stack in on-prem and SaaS environments, including system monitoring and tuning
    • Experience securing the Elastic Stack and hardening the hosting environment
    • Experience with the design and implementation of highly scalable solutions using the Elastic Stack
    • Experience developing data structures and data mappings from various sources to achieve data normalization using the Elastic Common Schema (ECS)
    • Experience developing Logstash and / or Elasticsearch ingest pipelines
    • Experience developing custom visualizations and dashboards using Kibana, including creating specialized reporting solutions through the Elasticsearch and Kibana APIs to meet complex stakeholder requirements
    • Experience in end-to-end low-level design, development, administration, and delivery of Elasticsearch-based reporting solutions
    • Strong technical foundation in building reliable, scalable, and supportable systems
    • Experience with Red Hat Enterprise Linux deployment and administration

    Desired Skills :

    • Experience using and developing Ansible playbooks for automation of system deployment and / or configuration
    • Experience developing in multiple languages (Python, Bash, PowerShell, Painless, etc.)
    • Understanding of the MITRE ATT&CK framework
    • Elastic Certified Engineer, or willingness to gain the certification within 90 days of hire
    • Experience with cloud environments (e.g., Azure, AWS, GCP) and cloud security architecture
    • Experience condensing large environments into a single-pane-of-glass view to facilitate optimal operational efficiency
    • Experience leading incident response and forensic investigative initiatives
    • Demonstrated ability to create and present executive-level briefings
    • Experience with Army policies, regulations, and processes preferred