Job Requirements
DC
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
US CITIZEN ONLY. SECRET CLEARANCE REQUIRED. MUST HAVE IT-II CERT (IE SECURITY+)
SIEM/Elastic Specialist will:
• Be responsible for designing and setting up the ingestion of various customer data flows, including pre-processing data into a usable format and ensuring proper parsing and indexing
• Collaborate with cross-functional teams and be responsible for designing and integrating Elastic with a wide variety of data sources, and for developing associated knowledge objects such as queries, dashboards, reports, and alerts for monitoring and analytics
• Perform data transformation using Elastic query language
• Track the health of the Elastic environment and optimize its performance. Troubleshoot and resolve issues related to security, performance, data indexing, and searches
• Perform watch-officer monitoring duties, including:
  • Monitoring, detecting, investigating, and responding to cybersecurity threats and events using the Elastic/SIEM platform
  • Reviewing correlated alerts and logs for compromise scenarios
  • Performing triage of security alerts to prioritize response
  • Identifying false positives
  • Investigating security incidents and determining root cause
  • Collecting and preserving logs for analysis
  • Escalating confirmed incidents to leadership or SOC teams
  • Coordinating with IT or DevOps for containment and remediation
  • Creating after-action reports (AAR) post-incident
• In addition, the role may include assistance with monitoring Vulnerability Management tools, such as ACAS and ePO.
QUALIFICATIONS:
• Have at least three years of working knowledge and hands-on experience with Elastic/Splunk query languages, monitoring SIEM dashboards and real-time alerts, fine-tuning SIEM rules to reduce noise, and the NIST 800-53 and DevSecOps frameworks