Sweet consulting projects, career opps, whatever you’re looking for, find it at The Squires Group. Jobs in ERP, IT, Cyber and Accounting & Finance.
ELK SIEM Engineer
Ft. Meade, MD 20755
We are seeking an experienced ELK SIEM Engineer for a Department of Defense Project located in Ft Meade, MD. This DoD program secures and protects its information networks by deploying Joint Regional Security Stacks (JRSS) which are a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management, Virtual Routing and Forwarding (VRF), and provides a host of network security capabilities.
As an Elasticsearch, Log stash, and Kibana (ELK) Engineer, you will be responsible for providing configuration, implementation, configuration, and ongoing performance enhancement work for ELK in the JRSS environment.
Per our Federal Government Contract, candidates must have an active Secret Clearance.
- Provide SME knowledge of Full Packet Capture via Google Stenographer, Protocol Analysis and Metadata via Bro, Signature Based Alerting via Suricata, Recursive File Scanning via FSF, message queuing via Filebeat, Message Queuing, and Distribution via Apache Kafka and Message Transport via Log stash
- Create viewable Kibana dashboards to provide visibility into ingested log data
- Resolve ELK infrastructure or system issues
- Create Suricata security rules (alerts) and Kibana dashboards that trigger on anomalous activities or threat detections
- Create alerts that trigger/activate on configured setting to deploy or sends email to a particulate destination email or groups
- Troubleshoot and tune signature-based alerting via Suricata, recursive file scanning via FSF, message queuing and distribution via Apache Kafka and message transport via Log stash
- Provide ELK SME support, assisting customers when ingestion of logs is not working properly or with ELK communication issues
- Bachelor’s degree or equivalent experience/combined education PLUS 12 years of experience and knowledge of the following:
- TCP/IP communications
- Router and firewall functionality on a network
- MS Office tool suite
- DoD 8570 IAT2 certification is required
- Strong knowledge of Ansible or Python scripting, Linux CENTOS/ Red Hat operating system commands, file data storage, indexing, and searching via Elasticsearch
Experience with Splunk, IDS/IPS technologies, NESSUS, or Demisto
- Experience with one or more of the CND tools is preferred:
- Fidelis DLP and MDE
- Tipping Point
- ELK tools
- Per our Federal Government Contract, candidates must have an active Secret Clearance
The Squires Group, Inc. is an Equal Opportunity Employer M/F/Vets/Disabled.