Posted today
Secret
$120,000 - $180,000
IT - Security
Lexington, MA (On/Off-Site)
We're looking for a hands-on engineer who can deploy, operate, and scale Elastic SIEM across AWS GovCloud and on-premises environments supporting DoW operations. This isn't a single-track role—you'll work across cloud infrastructure, Kubernetes platforms, and security operations, often in the same week.
This position directly supports mission-critical systems across multiple classification levels (IL4, IL5, IL6) and requires someone comfortable working in complex, regulated environments where security and reliability aren't optional.
We're realistic about what we're asking for. This role spans three domains:
• AWS Engineering – VPCs, IAM, EKS, GovCloud
• Platform Engineering – Kubernetes, Helm, Terraform, CI/CD
• Elastic SIEM – Deployment, detection engineering, SOC integration
We're looking for someone who's an expert in two of these areas and competent in the third. We'll help you grow where you need it.
What You'll Actually Do
Day-to-day (~30% SIEM, ~30% Platform, ~30% AWS, ~10% Coordination):
• Deploy and operate Elastic Security clusters across AWS GovCloud and on-prem environments
• Build and maintain the underlying infrastructure—EKS clusters, Terraform modules, CI/CD pipelines
• Onboard log sources, build ingest pipelines, and create detection content that actually catches things
• Troubleshoot the full stack—from AWS networking to Kubernetes pods to Elasticsearch performance
• Work with SOC analysts to tune alerts, reduce noise, and improve detection coverage
• Document architectures and participate in RMF/ATO activities (you won't own this, but you'll contribute)
• Coordinate with vendors, government stakeholders, and cross-functional teams
Projects you might work on:
• Establishing IdP integrations for multi-tenancy support
• Designing a multi-node Elastic cluster that handles 100K+ EPS with proper tiering
• Building Terraform modules for repeatable SIEM deployments across enclaves
• Creating detection content mapped to MITRE ATT&CK for specific threats
• Integrating Elastic with existing SOC tools and incident response workflows
What We're Looking For
• Required SECRET CLEARANCE
• Experience in DoW IL4+ environments – You understand the constraints and can work within them
• Hands-on expertise in at least TWO of the following:
AWS Engineering (Expert)
• VPC architecture (subnets, security groups, NACLs, transit gateway, VPC endpoints)
• IAM policies, roles, and cross-account patterns
• Core services depth: EC2, S3, EKS, CloudWatch, CloudTrail, KMS
• AWS GovCloud experience strongly preferred
• Can troubleshoot at the network and API level, not just console clicking
Platform Engineering (Expert)
• Kubernetes administration (EKS, RKE2, or similar—not just kubectl user)
• Helm chart development or significant customization
• Terraform (writing modules, managing state, not just terraform apply)
• CI/CD pipeline design (GitLab CI, GitHub Actions, ArgoCD, or similar)
• Container troubleshooting (networking, storage, resource constraints)
Elastic SIEM Engineering (Expert)
• Elastic Stack deployment and administration (Elasticsearch, Kibana, Fleet, Elastic Agent)
• Detection rule development using Elastic Security
• Ingest pipeline creation (parsing, normalization, ECS mapping)
• KQL proficiency for queries and detection logic
• Index lifecycle management and cluster performance tuning
Competence in the third area – You don't need to be an expert, but you should be able to operate with guidance and learn quickly
Scripting ability – Python and/or Bash for automation, log parsing, and tooling
Communication skills – Can explain technical decisions to non-technical stakeholders and document your work
Preferred
• Experience with cross-domain solutions and multi-classification environments
• STIG hardening and compliance scanning (ACAS, Nessus, SCAP)
• Detection engineering methodology (ATT&CK mapping, purple team validation)
• Air-gapped/disconnected deployment experience
• Prior military or DoW contractor experience
Certifications (Nice to Have, Not Required)
• AWS Solutions Architect (Associate or Professional)
• Elastic Certified Engineer or Analyst
• CKA/CKAD (Kubernetes)
• Security+ (often required for DoD baseline)
• GIAC certifications (GCDA, GCIA, GCIH)
Clearance
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
Compensation and Benefits
Salary Range: $120,000 - $180,000 (Compensation is determined by various factors, including but not limited to location, work experience, skills, education, certifications, seniority, and business needs. This range may be modified in the future.)
Benefits: Gridiron offers a comprehensive benefits package including medical, dental, vision insurance, HSA, FSA, 401(k), disability & AD&D insurance, life and pet insurance to eligible employees. Full-time and part-time employees working at least 30 hours per week on a regular basis are eligible to participate in Gridiron's benefits programs.
Gridiron IT Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.
Gridiron IT is a Women Owned Small Business (WOSB) headquartered in the Washington, D.C. area that supports our clients' missions throughout the United States. Gridiron IT specializes in providing comprehensive IT services tailored to meet the needs of federal agencies. Our capabilities include IT Infrastructure & Cloud Services, Cyber Security, Software Integration & Development, Data Solution & AI, and Enterprise Applications. These capabilities are backed by Gridiron IT's experienced workforce and our commitment to ensuring we meet and exceed our clients' expectations.