Cyber Platform Engineer
Role details
Job location
Tech stack
Job description
Day-to-day (~30% SIEM, ~30% Platform, ~30% AWS, ~10% Coordination):
Deploy and operate Elastic Security clusters across AWS GovCloud and on-prem environments
Build and maintain the underlying infrastructure-EKS clusters, Terraform modules, CI/CD
pipelines
Onboard log sources, build ingest pipelines, and create detection content that actually catches
things
Troubleshoot the full stack-from AWS networking to Kubernetes pods to Elasticsearch
performance
Work with SOC analysts to tune alerts, reduce noise, and improve detection coverage
Document architectures and participate in RMF/ATO activities (you won't own this, but you'll
contribute)
Coordinate with vendors, government stakeholders, and cross-functional teams
Requirements
Active clearance; experience in DoD IL4+ environments
Expert-level in 2 of 3 areas (working knowledge of the third):
AWS Engineering
Advanced VPC & IAM design; EC2, S3, EKS, CloudWatch/Trail, KMS
GovCloud preferred; network/API-level troubleshooting
Platform Engineering
Kubernetes administration (EKS/RKE2)
Helm, Terraform (modules/state), CI/CD pipelines
Container troubleshooting
Elastic SIEM Engineering
Elastic Stack administration
Detection rules, ingest pipelines, KQL
ILM and performance tuning
Python and/or Bash scripting
Strong communication and documentation skills