USIEM Elastic Engineer

This role of USIEM Elastic Engineer will support ECS's AESS program. This is a technical hands-on role to which you will be responsible for working within a multi-disciplined team to design, build, secure, maintain, optimize, and document multiple Elastic Stack Enterprise solutions (Elasticsearch, Logstash, Kibana, Beats, ML, SIEM) deployed globally in a Federal DoD environment, along with support using Ansible playbook. Additionally, you will perform continuous data normalization support functions and support the delivery of written technical deliverables such as SOPs and/or process workflows to optimize tool usage and contribute to new capabilities. Your infrastructure, data pipelines and reporting automation will directly support internal engineering personnel and external customer requirements.

• Minimum Secret Clearance is required
• Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date
• At least 4 years' hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use-cases. Specific experience with Elastic SIEM is plus
• Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration
• Demonstrated ability to utilize Ansible Playbook

Desired Skills

• Experience integrating Elasticsearch with external systems (e.g. SOAR tools, Threat Intel Platforms)
• Experience with data management: hot/warm/cold architectures, shard allocation/re-allocation, snapshots & restoration
• Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration
• Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI
• Experience with supporting the Elastic Stack in on-prem and SaaS environments including system monitoring and tuning
• Experience securing the Elastic stack and hardening hosting environments
• Experience with developing in multiple languages (Python, Bash, PowerShell, Painless, etc.)
• Experience with the design and implement of highly scalable solutions using the Elastic Stack
• Experience in developing data structures, data mapping from various sources to achieve data normalization using Elastic Common Schema
• Experience developing Logstash and/or Ingest Pipelines
• Experience developing custom visualizations and dashboards using Kibana
• Developing custom reporting solutions using APIs that leverage Elasticsearch and ElastiCache
• Experience in end-to-end Low-level design, development, administration, and delivery of Elasticsearch based reporting solutions
• Strong technical foundation in building reliable, scalable, and supportable systems
• Experienced in Red Hat Enterprise Linux deployment and administration

As a leading provider of managed cybersecurity services, ECS provides a highly tailored and customized offering to each customer. Our team is responsible for protecting both our customers and corporate environment at ECS. Our mission is very broad, and our team is agile. We will look toward your unique skills to approach and solve problems in your own way. Whether engineering a system to address a technical hurdle, protecting customers data or consulting on a wide range of security topics. You are empowered to engage and lead across multiple groups., Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees . Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies. Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.