Lead Elastic Stack Cybersecurity Engineer

Leidos has a current job opportunity for a Senior Cybersecurity Engineerspecializing indata integration content development and system architecture.Working with Elastic Stack (Elasticsearch Logstash Kibana) the individual would lead a team in developing managing and optimizing scalable search and analytics solutionsfor the DISA GSMO II program inPearl HarborHI.

A successful candidate will have experience in cyber analysis incident responseSIEM operations content development visualizations and reporting.This role requires technicalexpertisewith Elastic a deep understanding of SIEM architecture and handson experience working with cybersecurity relevant data cyber incident handling and monitoring in secure environments.

POSITION SUMMARY:

The Senior Cybersecurity / ElasticDetection Engineer will leadin development of SIEM/SOAR capabilities to supportthe teams Cyber Security Service Provider (CSSP) services. They will create test implementand execute standard procedures for the frontend operation withinElastic. They will alsodevelop reports dashboards analytic rules filters andmetrics.

PRIMARY RESPONSIBILITIES:

• Monitorandoptimizethe performance of content within the Elastic Stack clusters to ensure high availability reliability and performance of content supporting the Cyber Security Service Provider (CSSP) services.

• Create andmaintaincomprehensive documentation for content processes and procedures.
• Design develop andmaintaincustom dashboards using Elastic for monitoring and visualization of metrics logs and traces.
• Support customerdriven visualization requirements and collaborate on data integration and Kibana dashboard development.
• Work with the site threat emulation/analytic development team to maximize detectionopportunities correlated with the MITRE ATT&CK framework.

BASIC QUALIFICATIONS:

• Active DoD Secret security clearance and ability to obtain TS/SCI.

• An ability to think critically work independently and regularly communicate updates to the supported stakeholders.
• Highly motivated and able to work independently with minimal supervision while also thriving in a collaborative team environment.
• Strong written and oral communications skills and strong analytical and troubleshootingskills.
• Indepth knowledge of architecture engineering and operations ofElastic Stack.
• Demonstratedcommitment to training selfstudy andmaintainingproficiencyin thetechnical cyber security domain.
• Bachelors degree and 8years of prior relevant experience;additionalworkexperience or cyber courses/certifications may be substituted in lieu of degree.
• DoD 8570 CSSPA level Certification such as CEHCySA GCIA or other certification isrequired within 180 days of hire.
• DoD 8570 IAT level II or higher certification such as CompTIA Security CE ISC2 SSCPSANS GSEC prior to starting.

PREFERRED QUALIFICATIONS:

• CND experience (Protect Detect Respond and Sustain) within a Computer IncidentResponse organization.

• Advanced certifications or any formal certified training in Elastic or other SIEMs are preferred.

• Strong knowledge of security information and event management (SIEM) systems data pipelines and threat detection methodologies.

• Demonstratedunderstanding of the life cycle of network threats attacks attack vectorsand methods of exploitation with an understanding of intrusion set tactics techniques andprocedures (TTPs).

• Advanced understanding of TCP/IP common networking ports and protocols traffic flowsystem administration OSI model defenseindepthand common security elements.
• Proven ability to develop test and deploy highfidelity security analytics and detection rules. Experience with a scripting language like Python is highly desirable.

• Proficiency with GitLab (or similar version control systems) and collaboration platforms (e.g. Microsoft Teams Slack).
• Familiarity or experience in IntelligenceDriven Defense and/or Cyber Chainmethodology.
• Exceptional analytical and problemsolving skills with a keen eye for identifying and addressing security gaps.
• Demonstrated ability to analyze existing processes identify areas for improvement and implement solutions to enhance efficiency and effectiveness.

• Existing 8570 CSSP Analyst Certifications (CEH)CySA etc.

• Vendorspecific certifications.

WHY LEIDOS

• Companypaid relocation to Hawaii
• Competitive compensation plans (including health and wellness programs flexible leave and immediatelyvested 401k)
• Robust professional development and career growth program(s) within the defensive cyber space (including upskilling opportunities mentorship and 1:1 guidance and jobmatchmaking from career coaches)