Cyber Security Engineer I

Adapt Forward, North Charleston, SC

About The Position

As a Security Engineer, you will be responsible for managing and maintaining the CSSP's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.

Requirements

  • 3 years of experience in maintaining an enterprise Elastic cluster.
  • Proficiency in managing and maintaining SIEM and SOAR solutions.
  • Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.
  • Strong understanding of security event and incident management processes.
  • Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration.
  • Experience with threat detection and response methodologies.
  • Extensive experience with Linux administration of RHEL operating systems.
  • Strong experience with networking protocols, solutions, and methodologies.
  • US Citizen.
  • Possess a high school diploma or GED.
  • Available for on-call after-hours rotational support as needed.
  • Position may require up to 25% travel as needed.
  • OCONUS travel may be required.
  • 8570 IAT Level II Certification.
  • Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), or Elastic Certified Engineer.
  • Minimum of a Secret Clearance required, with ability to obtain Top Secret.

Nice To Haves

  • Experience with other SIEM platforms (e.g., Splunk).
  • Knowledge of security frameworks and standards (e.g., MITRE ATT&CK, NIST).
  • Familiarity with network and endpoint security technologies.
  • Experience with security incident response and digital forensics.

Responsibilities

  • Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk).
  • Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP.
  • Monitor and analyze security events and incidents to protect information assets.
  • Assist in the development and maintenance of use cases, rules, and alerts for threat detection and response.
  • Integrate SIEM and SOAR systems with other security tools and data sources.
  • Automate security operations workflows and incident response procedures using SOAR platforms.
  • Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.
  • Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.
  • Implement and manage data ingestion pipelines for security event data.
  • Perform regular updates, patches, and upgrades for SIEM and SOAR systems.
  • Create and maintain documentation for system configurations, processes, and standard operating procedures.
  • Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities.

Benefits

  • Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
  • 401k Retirement Plan with Matching Contribution is immediately available and vested.
  • Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
  • Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
  • Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.
© 2024 Teal Labs, Inc