Security Data Engineer

About The Position

Requirements

• Bachelor's degree and 4-8 years of relevant experience.
• Minimum 3 years of experience in data engineering or analysis.
• Certifications: 8570 IAT I & IAM II (e.g., Security+), and CSSP Analyst (e.g., CEH, GCIH).
• Active TS/SCI security clearance.
• Strong written, verbal, and interpersonal communication skills, with the ability to brief senior leadership (SES & Flag Officers) as needed.

Responsibilities

• Maintain awareness of operational data feeds and ensure traceability across systems (e.g., Kafka, Elastic, CI/CD tools).
• Build and maintain scalable ingestion and normalization pipelines for Elastic, ensuring architectural alignment.
• Develop custom enhancements and enrichments for diverse log sources.
• Configure, optimize, and scale Elastic components (Elasticsearch, Logstash, Kibana, Fleet) for high-throughput workloads.
• Manage index templates, mappings, and schemas to support analytics, detection logic, and long-term data strategies.
• Implement validation, deduplication, and quality control for cybersecurity telemetry.
• Automate workflows using scripting languages (e.g., Python, Bash) for ingestion, schema updates, and transformations.
• Collaborate with Detection Engineering, Threat Analysis, and Endpoint teams to align data models with operational needs.
• Monitor and optimize ingestion/indexing performance for efficiency and scalability.
• Create and maintain technical documentation, SOPs, and engineering artifacts for sustainment and knowledge sharing.