Job Requirements
Quantico, VA
Top Secret Polygraph Unspecified
Career Level not specified
$180,000 - $230,000
Job Description
Position: Elastic SIEM / ECK Engineer
Location: Quantico VA
Duration: Period of Performance through November. After November, we will look to place the candidate on another project.
Clearance: Active TS
Salary: $180k-$230k
Job Description:
• Design, deploy, and modernize the customer's Elastic platform on AWS by migrating from Elastic Cloud Enterprise (ECE) to Elastic Cloud on Kubernetes (ECK).
• Build out production-ready ECK clusters on AWS, including architecture, configuration, and baseline hardening.
• Migrate an existing Splunk SIEM environment (approximately 6 TB/day of data) to Elastic SIEM.
• Transition Splunk knowledge objects, including:
* 375 detection rules
* 470+ dashboards
* 7 SOAR automations
• Configure and validate data ingestion pipelines, normalization, and Elastic Common Schema (ECS) field mappings.
• Implement, tune, and validate detection rules to ensure parity and improved signal quality post-migration.
• Integrate SIEM workflows and automation to support security operations and response use cases.
• Implement Elastic Observability for the DISS application, including:
* Application Performance Monitoring (APM)
* Distributed tracing and performance visibility
• Execute production cutover from legacy platforms to Elastic, ensuring continuity of operations.
• Perform end-to-end validation of data ingestion, detections, dashboards, workflows, automations, and observability telemetry.
• Provide post-cutover stabilization and validation support.