Senior Security Integration Engineer (Elastic Stack)
Location: Schriever SFB, Colorado Springs, CO
Required Clearance: Secret
Since 1999, ITEC has been a powerhouse in supporting mission-critical programs for the DoD and Intelligence community, building a solid reputation along the way. At ITEC, we don’t just care for our employees—we champion them with competitive salaries, an outstanding employee care program, and a benefits package that includes Medical, Dental, Vision, Paid Time Off, and a 401k.
U.S. Citizenship Mandatory: Due to our US federal government contract, candidates for this position are required to be a US Citizen and will be subject to a background investigation.
Job Responsibilities:
- Be responsible for onboarding, integrating, and optimizing security data sources into the Elastic Security Platform.
- Collaborate with customer technical teams to map their environment, plan ingestion strategies, update network and data flow diagrams, validate logging pipelines, and ensure successful end-to-end SIEM integration.
- Conduct assessments of customer environments and identify required logging, telemetry, and network visibility gaps.
- Translate customer operational requirements into ingestion roadmaps and technical implementation plans.
- Develop, maintain, and version-control network diagrams, data flow diagrams, and SIEM onboarding documentation.
- Produce runbooks, integration guides, and operational reference materials.
- Monitor ingestion health and coordinate issue resolution with customers and internal teams.
- Ensure adherence to security policies, logging standards, and architectural governance.
- Provide technical guidance and mentorship to junior engineers working on data ingestion and SIEM onboarding tasks.
- Contribute to onboarding playbooks, best practices, and internal training sessions.
- Serve as a subject-matter expert on Elastic SIEM capabilities and logging integration patterns.
Required Skills:
- Must have 10 or more years of general (full-time) work experience; this may be reduced with completion of advanced education.
- Must have 5 or more years of experience in cybersecurity engineering, systems integration, or SIEM operations.
- Must have 2 or more years of experience in a lead or senior role, mentoring and guiding other team members.
- Must have a strong understanding of enterprise networks, including routing, switching, VPNs, firewalls, and network security tools.
- Experience with data ingestion, processing, and enrichment techniques.
- Must be able to build and maintain network and data flow diagrams (e.g., Visio, Lucidchart, Draw.io).
- Must be proficient in Linux systems, command-line tools, and system administration fundamentals.
- Must have experience working directly with customers in a technical consulting or engineering capacity.
- Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP).
- Expert proficiency with Elastic Stack design, ingestion, and optimization.
- Advanced competency in network architecture, security telemetry, and log analytics.
- Strong troubleshooting skills covering ingestion failures, ECS issues, agent deployment, and pipeline errors.
- Skilled at engaging customers, translating requirements, and articulating complex integrations clearly.
- Effective at producing structured, high-quality documentation and diagrams.
- Demonstrated ownership of complex projects from planning through execution.
- Detail-oriented with a focus on accuracy, completeness, and mission assurance.
- Ability to balance customer requirements with architectural standards and best practices.
Desired Skills:
- Have 1 or more of the following: Elastic Certified Engineer, Elastic Certified Analyst, or relevant Elastic certifications.
- Have experience with cloud platforms and logging pipelines (AWS, Azure, GCP, cloud-native telemetry).
- Be familiar with ECS (Elastic Common Schema) and data normalization best practices.
- Have experience implementing detection engineering or threat hunting workflows in Elastic Security.
- Have knowledge of scripting languages (Python, PowerShell, Bash) to automate ingestion and data validation.
- Have experience integrating EDR, NDR, IAM, and vulnerability management logs into a SIEM.
- Have an understanding of MITRE ATT&CK, cyber kill chain, and threat intelligence ingestion.
- Have experience mentoring or leading small technical teams.
ITEC is a wholly owned subsidiary of ManpowerGroup Public Sector.