ECS is seeking a Cybersecurity Engineer - Elastic SIEM Engineer to work in our Fairfax, VA office. Please Note: This position is contingent upon contract award.
As a leading provider of managed cybersecurity services, ECS provides a highly tailored and customized offering to each customer. Our team is responsible for protecting both our customers and the corporate environment at ECS. Our mission is very broad, and our team is agile. We will look toward your unique skills to approach and solve problems in your own way. Whether you are engineering a system to address a technical hurdle, protecting customer data, or consulting on a wide range of security topics, you are empowered to engage and lead across multiple groups.
This Cybersecurity Engineer role will support ECS's internal cybersecurity program and Commercial Managed Cybersecurity Service Practice. In this technical, hands-on role you will be responsible for the successful operation of a variety of cybersecurity tools, logging frameworks, and cybersecurity infrastructure. You will also support written technical deliverables for our customers and build new capabilities. The infrastructure and data pipelines you deliver are consumed by threat analysts.
- Demonstrated experience with the Elasticsearch, Logstash, Beats, Kibana, APM, Elastic Common Schema, and Elastic Security
- Collaborate and work with a diverse group of engineers in developing solutions for ingesting heterogeneous datasets in large volumes
- Deploy, configure, test, troubleshoot, maintain, update/upgrade of Elastic Stack environments
- Index data and define queries, aggregations, and mappings
- Act as the subject matter expert for ELK implementation across the shared service platform.
- Ability to integrate with other operational data platforms and tools including Kafka, SIEM, SOAR, etc.
- Plan resources and continuously optimize the infrastructure and configuration of Elasticsearch to ensure a healthy and high-performance production deployment
- Document the solutions and design for internal consumption as well as customer reference and education.
- Design, document, build, secure, and maintain Elastic Stack solutions deployed in the Cloud or on-premise.
- Secure the solution using TLS, certificates, SSO/PIV authentication, and encryption technologies
- Test data flows, troubleshoot issues, and monitor the health of the solution and servers to maximize performance and minimize downtime
- Configure, maintain, and troubleshoot Elastic environments and deployments in lab, development, and production environments.
- Deep understanding of and expertise with IP networking fundamentals
- Interface daily with customers to troubleshoot and solve technical issues and report the status of security related tasks.
- Evaluate new methodologies to deliver cybersecurity capabilities.
- Develop new capabilities to enhance the analysis of data supporting cybersecurity
- Familiarity with Elastic APM, Infrastructure monitoring, Elastic SIEM and Uptime monitoring
- Operate with a high level of independence and act as a mentor to more junior Cybersecurity Engineers
- Support SIEM, SOAR, and UEBA platforms and participate in an on-call rotation
- Bachelor's degree in a computer-related field. In lieu of a bachelor's degree, at least five (5) years of cybersecurity experience is required.
- 5+ years of experience with Elasticsearch development, integration, operations and support
- 5+ years of experience with cybersecurity-related toolsets.
- Willingness to travel up to 25%.
- Excellent verbal, written, and interpersonal communication skills
- Python scripting expertise
- Experience with Elastic Security
- Experience building data pipelines that collect logs from endpoints and other sources and deliver them to analytic tools
- Experience with open-source cybersecurity tools, including but not limited to osquery, Sysmon, Bro, Suricata, Snort, syslog, Elasticsearch, Logstash, and Kibana.
- Ability to develop partnerships and collaborate with other business and functional areas
- Experience with data streaming technologies and use cases
- Strong analytical skills with high attention to detail and accuracy
- Familiarity with metrics, anomaly detection, and machine learning
- Elastic Certification
- Familiar with DevOps tools/methods including tools such as Git and Ansible.
- Able to work independently with little guidance or as part of a team.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.