Data Engineer

Booz Allen Hamilton | Fort Belvoir, VA
$99,000 - $225,000 | Onsite

About The Position

The Data Engineer role focuses on system security engineering to assist clients with critical missions. The engineer will identify information system security engineering needs, assess vulnerabilities, and recommend solutions and security strategies. This role involves leading the development and implementation of security solutions to protect military assets. Responsibilities include troubleshooting and analyzing complex challenges using knowledge of network and security devices and applications, and identifying the appropriate tools. The engineer will research and develop security solutions based on technology and market trends, assess security threats, and implement infrastructure controls. This role directly impacts the DoD by protecting its infrastructure. The team emphasizes mentoring, hands-on problem-solving, and opportunities to learn new tools and skills to develop the best solutions for customers, with a focus on securing and protecting critical AI or ML networks.

Requirements

  • 6+ years of experience in an ISSE, ISSO, or IT role
  • Experience designing and managing the end-to-end process for ingesting new security data sources into the SIEM such as Elasticsearch, including log collection, shipping, parsing, normalization, and enrichment
  • Experience with data parsing and normalization, developing and maintaining robust parsing logic to break down raw, unstructured logs into well-defined, queryable fields, owning data schema such as Elastic Common Schema (ECS), and ensuring consistency across all data sources
  • Experience building automated processes to enrich raw security data with critical context, including adding geolocation data to IP addresses, appending threat intelligence indicators, or adding user role information to account-based events
  • Experience implementing monitoring and alerting to ensure the health and timeliness of security data pipelines, including identifying and fixing issues such as data loss, parsing errors, or delays that could blind the detection engineers
  • Ability to optimize data architecture for fast search and query performance, ensuring that complex detection rules can be executed efficiently against large volumes of data without impacting the stability of the platform
  • TS/SCI clearance
  • HS diploma or GED
  • IASAE II Certification such as CASP+, CISSP, or CSSLP Certification

Nice To Haves

  • Experience integrating AI/ML capabilities to automate, enhance, and accelerate IT operations and security monitoring
  • Experience with automation tools and scripting languages such as Python and PowerShell
  • Experience designing, configuring, and managing unsupervised ML jobs to automatically model system, application, and network behavior to detect anomalies in real-time, including identifying unusual patterns in log data, metrics, and APM traces
  • Experience developing and fine-tuning sophisticated alerting rules based on Elastic's anomaly detection and forecasting features, to reduce alert fatigue by moving beyond simple static thresholds and focusing on statistically significant deviations from the norm
  • Experience building and managing AIOps workflows that correlate anomalies and alerts to help automate the initial stages of root cause analysis, providing rich context to the SOC or operations teams
  • Experience applying AIOps principles to monitor the health and performance of the SIEM or data platform itself, using Elastic's forecasting capabilities to predict future resource needs such as disk space or memory, and prevent outages
  • Knowledge of Zero Trust principles and frameworks such as NIST 800-207
  • Ability to utilize AI/ML features to automatically categorize and identify patterns in unstructured log data, helping to quickly surface new or unusual event types that could indicate a security incident or operational problem
  • Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), or GIAC Vulnerability Assessment Professional (GVAP) Certification

Responsibilities

  • Design, develop, and implement automated workflows and integrations.
  • Focus on safeguarding critical information systems and data against advanced cyber threats, with a primary emphasis on Zero Trust architecture, security data analytics, and robust automation.
  • Leverage data analytics, visualization, and observability techniques to enhance threat detection, incident response, and security posture.
  • Perform close collaboration with cross-functional teams, assist with the development of security policies, and perform continuous evaluation of security controls to ensure confidentiality, integrity, and availability of sensitive information.
  • Automate security processes, integrate security into the CI/CD pipeline, and ensure compliance with DoD, Army, and Intelligence Community (IC) standards and regulations.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program