Lead Elastic Stack Cybersecurity Engineer

About The Position

Requirements

• Active DoD Secret security clearance and ability to obtain TS/SCI.
• An ability to think critically, work independently, and regularly communicate updates to the supported stakeholders.
• Highly motivated and able to work independently with minimal supervision, while also thriving in a collaborative team environment.
• Strong written and oral communications skills and strong analytical and troubleshooting skills.
• In-depth knowledge of architecture, engineering, and operations of Elastic Stack.
• Demonstrated commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
• Bachelor's degree and 8+ years of prior relevant experience; additional work experience or cyber courses/certifications may be substituted in lieu of degree.
• DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 180 days of hire.
• DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC prior to starting.

Nice To Haves

• CND experience (Protect, Detect, Respond, and Sustain) within a Computer Incident Response organization.
• Advanced certifications or any formal certified training in Elastic or other SIEMs are preferred.
• Strong knowledge of security information and event management (SIEM) systems, data pipelines, and threat detection methodologies.
• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).
• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
• Proven ability to develop, test, and deploy high-fidelity security analytics and detection rules.
• Experience with a scripting language like Python is highly desirable.
• Proficiency with GitLab (or similar version control systems) and collaboration platforms (e.g., Microsoft Teams, Slack).
• Familiarity or experience in Intelligence-Driven Defense and/or Cyber Kill Chain methodology.
• Exceptional analytical and problem-solving skills with a keen eye for identifying and addressing security gaps.
• Demonstrated ability to analyze existing processes, identify areas for improvement, and implement solutions to enhance efficiency and effectiveness.
• Existing 8570 CSSP Analyst Certifications (CEH), CySA+, etc.
• Vendor-specific certifications.

Responsibilities

• Monitor and optimize the performance of content within the Elastic Stack clusters to ensure high availability, reliability, and performance of content supporting the Cyber Security Service Provider (CSSP) services.
• Create and maintain comprehensive documentation for content, processes, and procedures.
• Design, develop, and maintain custom dashboards using Elastic for monitoring and visualization of metrics, logs, and traces.
• Support customer-driven visualization requirements and collaborate on data integration and Kibana dashboard development.
• Work with the site threat emulation/analytic development team to maximize detection opportunities correlated with the MITRE ATT&CK framework.

Benefits

• Company-paid relocation to Hawaii
• Competitive compensation plans (including health and wellness programs, flexible leave, and immediately-vested 401k)
• Robust professional development and career growth program(s) within the defensive cyber space (including upskilling opportunities, mentorship, and 1:1 guidance and job-matchmaking from career coaches)