Security Engineer

Booz Allen Hamilton, Annapolis Junction, MD
$112,800 - $257,000, Remote

About The Position

We need a technical professional responsible for designing, building, and maintaining systems that protect an organization’s data, networks, and IT infrastructure from cyber-attacks. In this position, you will focus on proactive defense by creating secure architectures and automated defenses.

Requirements

  • 6+ years of experience administering Elastic Stack, including Elasticsearch, Kibana, Logstash, Beats, or Fleet
  • Experience managing Elasticsearch index lifecycle policies, index templates, and data streams at scale, and building Kibana dashboards, visualizations, and Lens-based analytics for security operations
  • Experience with Elastic Security detection rules, alerts, and case management workflows
  • Experience with log ingestion pipeline design, including parsing, enrichment, and normalization across heterogeneous log sources such as network, endpoint, identity, and cloud
  • Experience with Elastic Common Schema (ECS) and mapping non-standard log sources into ECS-compliant fields
  • Experience with ES|QL or EQL for advanced threat hunting and detection-as-code workflows
  • Experience working in a DoD, IC, or federal cybersecurity environment such as SOC, SIEM operations, or defensive cyber
  • Secret clearance
  • HS diploma or GED
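
The two requirements above on ingestion pipelines and ECS mapping are the core of the role, so here is an added illustration that is not part of the original posting: a constructed, non-ECS VPN appliance log ("vpnd", a hypothetical product with made-up field names) is parsed and mapped onto ECS field names, and a threshold-style detection of the kind an Elastic Security rule would express (many failed authentications from one source.ip against distinct user.name values inside a short window) is then run over the normalized events. Everything here is plain Python standing in for what an Elastic ingest pipeline and detection rule would do; the dataset name and rule name are assumptions.

```python
"""Added example: normalize a constructed non-ECS log into ECS fields, then run a
threshold-style detection over the normalized events. Plain Python stands in for
an Elastic ingest pipeline plus a threshold rule; not code from the posting."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample lines from a hypothetical appliance ("vpnd") that does not
# emit ECS. The key=value names after the product name are the vendor's own.
RAW_LOGS = """\
2026-03-01T12:00:01Z vpn-gw1 vpnd: user=alice src=203.0.113.7 result=ok
2026-03-01T12:00:05Z vpn-gw1 vpnd: user=bob src=198.51.100.9 result=bad_password
2026-03-01T12:00:09Z vpn-gw1 vpnd: user=carol src=198.51.100.9 result=bad_password
2026-03-01T12:00:14Z vpn-gw1 vpnd: user=dave src=198.51.100.9 result=bad_password
2026-03-01T12:00:20Z vpn-gw1 vpnd: user=erin src=198.51.100.9 result=bad_password
2026-03-01T12:00:31Z vpn-gw1 vpnd: user=frank src=198.51.100.9 result=ok
2026-03-01T12:30:00Z vpn-gw1 vpnd: user=alice src=203.0.113.7 result=bad_password
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) vpnd: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def to_ecs(line: str) -> Optional[dict]:
    """Map one vpnd line onto ECS field names.

    Returns None when the line does not parse; a real pipeline would route such
    lines to a dead-letter index rather than silently drop them."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    outcome = "success" if m["result"] == "ok" else "failure"
    return {
        "@timestamp": m["ts"],
        "host.name": m["host"],
        "event.kind": "event",
        "event.category": ["authentication"],
        "event.type": ["start"],
        "event.outcome": outcome,
        "event.dataset": "vpnd.auth",  # assumed dataset name
        "user.name": m["user"],
        "source.ip": m["src"],
        # Keep the vendor's raw status and the original line so normalization
        # loses nothing an analyst may later need.
        "vpnd.result": m["result"],
        "event.original": line.strip(),
    }


def normalize(raw: str) -> list:
    """Normalize every parseable line; unparseable lines are skipped."""
    return [doc for doc in (to_ecs(l) for l in raw.splitlines()) if doc]


def password_spray_alerts(events, threshold=4, window=timedelta(minutes=5)) -> list:
    """Threshold-style rule over ECS events: at least `threshold` failed
    authentications from one source.ip against distinct user.name values
    within `window`. Returns one alert per offending source.ip."""
    failures = defaultdict(list)
    for e in events:
        if e["event.outcome"] == "failure" and "authentication" in e["event.category"]:
            ts = datetime.fromisoformat(e["@timestamp"].replace("Z", "+00:00"))
            failures[e["source.ip"]].append((ts, e["user.name"]))
    alerts = []
    for ip, hits in failures.items():
        hits.sort()
        lo = 0
        # Sliding window over this source's failures, oldest to newest.
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1
            users = {u for _, u in hits[lo:hi + 1]}
            if len(users) >= threshold:
                alerts.append({
                    "source.ip": ip,
                    "user.name": sorted(users),
                    "event.count": hi - lo + 1,
                    "rule.name": "vpnd password spray (constructed rule)",
                })
                break  # one alert per source is enough here
    return alerts


if __name__ == "__main__":
    docs = normalize(RAW_LOGS)
    for a in password_spray_alerts(docs):
        print(a)
```

Keying the detection on the ECS names (`event.outcome`, `source.ip`, `user.name`) rather than the vendor's `result`/`src`/`user` is the point of the mapping: the same rule then applies unchanged to any other authentication source that has been normalized the same way, and the original vendor value survives under a vendor-prefixed field for triage.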

Nice To Haves

  • Experience building SOAR-related automation around Elastic, including webhook actions, connector integrations, or n8n/XSOAR orchestration
  • Experience with Elastic's transforms and runtime fields for creating enriched security datasets and risk scoring indices
  • Experience with RAG architectures or vector search in Elasticsearch for security knowledge retrieval, including TTP lookup and incident context enrichment
  • Experience with Elastic's ML jobs, including for User and Entity Behavior Analytics (UEBA), rare process detection, or anomalous login patterns
  • Experience with Elastic AI Assistant or integration of LLMs into Elastic Security workflows such as natural language querying and alert triage assistance
  • Experience building or fine-tuning ML models outside Elastic, including Python, scikit-learn, and PyTorch, for security use cases such as threat detection or lateral movement scoring
  • Knowledge of AI/ML concepts applied to security analytics such as anomaly detection, behavioral baselining, or threat scoring
  • TS/SCI clearance

Responsibilities

  • Design and deploy firewalls, intrusion detection systems or intrusion prevention systems (IDS/IPS), and encryption protocols.
  • Conduct regular penetration tests and security audits to identify and patch system weaknesses.
  • Administer Identity and Access Management (IAM), implementing policies that ensure only authorized users can access sensitive company data.
  • Lead or assist in the technical response to security breaches, including digital forensics and damage mitigation.
  • Create and enforce company-wide security standards such as password management and data classification.
  • Build working relationships with other teams quickly, communicating the complexities of security to a wide variety of audiences, including senior management.
  • Manage infrastructure and cybersecurity controls, including enhanced detection and vulnerability-management capabilities and improved event correlation across large enterprises.
  • Lead risk and vulnerability assessments in network, system, and application areas.
  • Leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program
© 2026 Teal Labs, Inc