By Light Professional IT Services

ELK SIEM Engineer

Job Locations US-MD-Fort Meade
Posted Date 3 weeks ago(3/9/2020 4:30 PM)
ID
2020-5210
# of Openings
1
Category
Information Technology
Clearance
Secret

Overview

By Light is seeking a Cyber Network Defense (CND) Elasticsearch, Log stash, and Kibana (ELK) Engineer/Subject Matter Expert (SME) to perform technical work as part of an integrated team of CND SMEs supporting the DoD’s JRSS (Joint Regional Security Stack) deployment activities. JRSS is a multi-year, global effort to improve the DoD’s security posture and provide enhanced security capabilities and analytics by centralizing and virtualizing network security into regional stacks rather than locally distributed appliances. This position is responsible for providing configuration, implementation, configuration and ongoing performance enhancement work for ELK in the JRSS environment.

 

You will also work as part of a multi-disciplinary team that supports the active and passive Computer Network Defense (CND) tools deployed in stacks. Must be able to integrate with other technical teams, with DISA personnel, with vendor technical support personnel, and with technical representatives from DoD services, working as part of an integrated, cross-platform team that provides CND capability, and military base/post/camp/station migration support services DoD-wide as the JRSS stacks are deployed and used.

Responsibilities

You will support ELK tool and will assist with configuration, troubleshooting, support and project management of ELK integration. You should also have extensive CND architectural design experience as well as significant hands-on experience with ELK.

To be successful in this role, you will be able to do the following:

  • Provide SME knowledge of Full Packet Capture via Google Stenographer, Protocol Analysis and Metadata via Bro, Signature Based Alerting via Suricata, Recursive File Scanning via FSF,  message queuing via Filebeat, Message Queuing and Distribution via Apache Kafka and Message Transport via Log stash
  • Create viewable Kibana dashboards to provide visibility into ingested log data
  • Resolve ELK infrastructure or system issues
  • Create Suricata security rules (alerts) and Kibana dashboards that trigger on anomalous activities or threat detections 
  • Create alerts that trigger/activate on configured setting to deploy or sends email to a particulate destination email or groups
  • Troubleshoot and tune signature based alerting via Suricata, recursive file scanning via FSF, message queuing and distribution via Apache Kafka and message transport via Log stash
  • Strong knowledge of Ansible or Python scripting, Linux CENTOS/ Red Hat operating system commands, file data storage, indexing, and searching via Elasticsearch
  • Provide ELK SME support, assisting customers when ingestion of logs are not working properly or with ELK communication issues
  • Experience with Splunk, IDS/IPS technologies, NESSUS, or Demisto

Required Experience/Qualifications

  • Bachelor’s degree from an accredited college in a related discipline, or equivalent experience/combined education, with 12 or more years’ experience; or 10 years’ experience with a related Master’s degree or equivalent work experience.
  • To be a successful fit to this assignment, you should be well versed in TCP/IP communications.
  • Have a general knowledge of router and firewall functionality on a network.
  • Familiar with the MS Office tool suite.
  • Excellent written and oral communications skills and be able to appropriately present highly technical material to both technical and non-technical audiences
  • Per contract requirements, U.S. citizenship and an active DoD Secret clearance is required. In addition, you must be able to successfully obtain up to Top Secret based on requirements from the customer and program.
  • DoD 8570 IAT2 certification is required

Preferred Experience/Qualifications

  • Prior experience as a network intrusion analyst or Security Operations Center analyst.
  • Experience configuring and maintaining the tool in a multi-tenant environment
  • Experience with one or more of the CND tools:
    • Fidelis DLP and MDE
    • Tipping Point
    • Splunk
    • Firepower
    • Gigamon
    • Opswat
    • Inquest
    • Corelight/Bro
    • ELK tools

Special Requirements/Security Clearance

  • Must have a current Secret level clearance.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed