Posted today
Secret
Senior Level Career (10+ yrs experience)
$130,000 - $150,000
IT - Security
Colorado Springs, CO (On-Site/Office)•Huntsville, AL (On-Site/Office)
Description of Duties:
The Senior Security Integration Engineer (Elastic Stack) supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract.
The candidate will:
• Serve as a customer-facing technical lead responsible for onboarding, integrating, and optimizing security data sources into the Elastic Security Platform.
• Collaborate with customer technical teams to map their environment, plan ingestion strategies, update network and data flow diagrams, validate logging pipelines, and ensure successful end-to-end SIEM integration.
Key Responsibilities:
• Lead customer-facing technical discussions related to onboarding systems and data sources into Elastic SIEM.
• Conduct assessments of customer environments and identify required logging, telemetry, and network visibility gaps.
• Translate customer operational requirements into ingestion roadmaps and technical implementation plans.
• Develop, maintain, and version-control network diagrams, data flow diagrams, and SIEM onboarding documentation.
• Produce runbooks, integration guides, and operational reference materials.
• Monitor ingestion health and coordinate issue resolution with customers and internal teams.
• Ensure adherence to security policies, logging standards, and architectural governance.
• Provide technical guidance and mentorship to junior engineers working on data ingestion and SIEM onboarding tasks.
• Contribute to onboarding playbooks, best practices, and internal training sessions.
• Serve as a subject-matter expert on Elastic SIEM capabilities and logging integration patterns.
The successful candidate will:
• Have expert proficiency with Elastic Stack design, ingestion, and optimization.
• Have advanced competency in network architecture, security telemetry, and log analytics.
• Have strong troubleshooting skills covering ingestion failures, ECS issues, agent deployment, and pipeline errors.
• Be skilled at engaging customers, translating requirements, and articulating complex integrations clearly.
• Be effective at producing structured, high-quality documentation and diagrams.
• Be able to execute ownership of complex projects from planning through execution.
• Be detail-oriented with a focus on accuracy, completeness, and mission assurance.
• Be able to balance customer requirements with architectural standards and best practices.
Basic Requirements:
• Must have 10, or more, years of general (full-time) work experience
○ May be reduced with completion of advanced education
• Must have 5, or more, years of experience in cybersecurity engineering, systems integration, or SIEM operations
• Must have 2, or more, years of experience working in a management or leadership role, mentoring and guiding other team members
• Must have a strong understanding of enterprise networks, including routing, switching, VPNs, firewalls, and network security tools.
• Must have experience with data ingestion, processing, and enrichment techniques.
• Must be able to build and maintain network and data flow diagrams (e.g., Visio, Lucidchart, Draw.io).
• Must be proficient in Linux systems, command-line tools, and system administration fundamentals.
• Must have experience working directly with customers in a technical consulting or engineering capacity.
Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP,
GSEC, Security+ CE, CND, SSCP)
•
• Must have an active DoD Secret Security Clearance
• Must be able to obtain an active DoD Top Secret Security Clearance
Desired Requirements:
• Be an Elastic Certified Engineer, Elastic Certified Analyst, or have relevant Elastic certifications.
• Have experience with cloud platforms and logging pipelines (AWS, Azure, GCP, cloud-native telemetry).
• Be familiar with ECS (Elastic Common Schema) and data normalization best practices.
• Have experience implementing detection engineering or threat hunting workflows in Elastic Security.
• Have knowledge of scripting languages (Python, PowerShell, Bash) to automate ingestion and data validation.
• Have experience integrating EDR, NDR, IAM, and vulnerability management logs into a SIEM.
• Have an understanding of MITRE ATT&CK, cyber kill chain, and threat intelligence ingestion.
• Have experience mentoring or leading small technical teams.
The Senior Security Integration Engineer (Elastic Stack) supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract.
The candidate will:
• Serve as a customer-facing technical lead responsible for onboarding, integrating, and optimizing security data sources into the Elastic Security Platform.
• Collaborate with customer technical teams to map their environment, plan ingestion strategies, update network and data flow diagrams, validate logging pipelines, and ensure successful end-to-end SIEM integration.
Key Responsibilities:
• Lead customer-facing technical discussions related to onboarding systems and data sources into Elastic SIEM.
• Conduct assessments of customer environments and identify required logging, telemetry, and network visibility gaps.
• Translate customer operational requirements into ingestion roadmaps and technical implementation plans.
• Develop, maintain, and version-control network diagrams, data flow diagrams, and SIEM onboarding documentation.
• Produce runbooks, integration guides, and operational reference materials.
• Monitor ingestion health and coordinate issue resolution with customers and internal teams.
• Ensure adherence to security policies, logging standards, and architectural governance.
• Provide technical guidance and mentorship to junior engineers working on data ingestion and SIEM onboarding tasks.
• Contribute to onboarding playbooks, best practices, and internal training sessions.
• Serve as a subject-matter expert on Elastic SIEM capabilities and logging integration patterns.
The successful candidate will:
• Have expert proficiency with Elastic Stack design, ingestion, and optimization.
• Have advanced competency in network architecture, security telemetry, and log analytics.
• Have strong troubleshooting skills covering ingestion failures, ECS issues, agent deployment, and pipeline errors.
• Be skilled at engaging customers, translating requirements, and articulating complex integrations clearly.
• Be effective at producing structured, high-quality documentation and diagrams.
• Be able to execute ownership of complex projects from planning through execution.
• Be detail-oriented with a focus on accuracy, completeness, and mission assurance.
• Be able to balance customer requirements with architectural standards and best practices.
Basic Requirements:
• Must have 10, or more, years of general (full-time) work experience
○ May be reduced with completion of advanced education
• Must have 5, or more, years of experience in cybersecurity engineering, systems integration, or SIEM operations
• Must have 2, or more, years of experience working in a management or leadership role, mentoring and guiding other team members
• Must have a strong understanding of enterprise networks, including routing, switching, VPNs, firewalls, and network security tools.
• Must have experience with data ingestion, processing, and enrichment techniques.
• Must be able to build and maintain network and data flow diagrams (e.g., Visio, Lucidchart, Draw.io).
• Must be proficient in Linux systems, command-line tools, and system administration fundamentals.
• Must have experience working directly with customers in a technical consulting or engineering capacity.
Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP,
GSEC, Security+ CE, CND, SSCP)
•
• Must have an active DoD Secret Security Clearance
• Must be able to obtain an active DoD Top Secret Security Clearance
Desired Requirements:
• Be an Elastic Certified Engineer, Elastic Certified Analyst, or have relevant Elastic certifications.
• Have experience with cloud platforms and logging pipelines (AWS, Azure, GCP, cloud-native telemetry).
• Be familiar with ECS (Elastic Common Schema) and data normalization best practices.
• Have experience implementing detection engineering or threat hunting workflows in Elastic Security.
• Have knowledge of scripting languages (Python, PowerShell, Bash) to automate ingestion and data validation.
• Have experience integrating EDR, NDR, IAM, and vulnerability management logs into a SIEM.
• Have an understanding of MITRE ATT&CK, cyber kill chain, and threat intelligence ingestion.
• Have experience mentoring or leading small technical teams.
group id: 10217692
