ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work.

ASRC Federal is hiring an Elastic SIEM Engineer in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Hanover MD. Remote flexibility available. Telework offered with a requirement to be onsite up to one (1) day a week in Hanover MD.

Position Description:
This is a technical, hands-on role responsible for the successful operation of a variety of cybersecurity tools, logging framework, and cybersecurity infrastructure.
• Design, develop, and maintain custom dashboards using Elastic stack for monitoring and visualization of system metrics, logs, and traces.
• Monitor and optimize the performance of Elastic Stack clusters to ensure high availability, reliability, and performance.
• Work with data sources and Extract, Transform, Load (ETL) processes to integrate and normalize data into Elasticsearch, ensuring data quality and consistency.
• Implement and maintain security best practices for Elastic Stack, including access controls, encryption, and compliance with regulatory standards.
• Contributions to infrastructure, data pipeline, analytics dashboards, and other resources will be delivered to threat analysts for consumption.
• Facilitate data ingestion of logs including ETL functions to develop dashboards, visualization, and alerting.
• Create Standard Operation Procedures (SOPs) and perform index administration, maintenance and optimization.
• Develop daily and weekly PowerPoint presentations to brief management and the team.
• Ability to analyze security vulnerability reports and develop/implement a plan to
• Recognizes and seizes opportunities to improve products, services or approaches.
• Design, document, build, secure, and maintain Elastic Stack solutions deployed in the Cloud or on-premises.
• Engagement with avenues of influence (Splunk product managers, user groups) to align platform capabilities with business requirements.

Minimum Requirements:
• Five (5) years of experience in cybersecurity, information technology or security engineering
• One (1) year of direct Elastic administration experience (Three (3) years of direct Elastic administration experience preferred)
• Active Top-Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI
• Bachelor's degree in information security or related field and/or equivalent combination of experience.

Certifications (Required):
• Must meet DoD DD8140/DoD8570.01-M IAT Level II at the time of hire

Required Skills:
• Experience with developing automated capabilities for securing environments
• Experience with STIG compliance and vulnerability management
• Knowledge of JFQ DoDIN DoD 8510.01 RMF IA Controls (IACs) and implementation
• An extensive knowledge of application or infrastructure systems architecture and technologies
• Ability to identify and mitigate critical vulnerabilities
• Experience integrating Elastic with Swimlane
• Cloud certifications and experience (AWS, Azure)

Certifications:
DoD 8140/8570 IAT Level II:
• CCNA Security
• CySA+
• GICSP
• GSEC
• Security+
• SSCP

In addition, one or more of the following certifications is preferred:
• GIAC Certified Detection Analyst (GCDA)
• Elastic Certified Engineer
• Elastic Certified Analyst
• Elastic Certified Observability Engineer
• Swimlane Certified SOAR Administrator
• Certified SOC Analyst (EC-CSA)
• AWS Certified Solutions Architect - Associate

This position is offering a pay range of $103,936 - $157,000 depending on experience, seniority, geographic locations, and factors permitted by law. We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement:
ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

Date Posted: 11 April 2025