Cyber Security Incident and Event Management/Elastic Specialist

US CITIZEN ONLY. SECRET CLEARANCE REQUIRED.  MUST HAVE IT-II CERT (IE SECURITY+)

SIEM/Elastic Specialist will:

    • Be responsible for designing & setting up the ingestion of various customer data flows to include pre-processing data into a useable format, ensuring proper parsing and indexing
    • Collaborate with cross-functional teams and responsible for designing & integrating Elastic with a wide variety of data sources and developing associated knowledge objects such as queries, dashboards, reports, alerts for monitoring and analytics
    • Perform data transformation using Elastic query language 
    • Track the health of the Elastic environment and optimize its performance. Troubleshoot and resolve issues related to security, performance, data indexing, and searches
    • Perform watch-officer monitoring duties, including:
        monitoring, detecting, investigating, and responding to cybersecurity threats and events using Elastic /SIEM Platform
        Reviewing correlated alerts and logs for compromise scenarios
        Performing triage of security alerts to prioritize response
        Identifying false positives
        Investigating security incidents and determining root cause
        Collecting and preserving logs for analysis
        Escalating confirmed incidents to leadership or SOC teams
        Coordinating with IT or DevOps for containment and remediation
        Creating after-action reports (AAR) post-incident
    • In addition, the role may include assistance with monitoring Vulnerability Management tools, such as ACAS and ePO.

QUALIFICATIONS:

• Have at least three years of working knowledge and hands-on experience with Elastic/Splunk query languages, monitoring SIEM dashboards and real-time alerts, fine-tuning SIEM rules to reduce noise, and NIST 800-53 & DevSecOps frameworks