Cyber Security Incident and Event Management/Elastic Specialist

Diligent Consulting Inc

JOB DETAILS
JOB TYPE
Full-time
SKILLS
Analysis Skills, CompTIA Security+, Computer Security, Cross-Functional, Customer/Client Research, Data Processing, Database Programming Languages, DevOps, Elastic, Establish Priorities, Identify Issues, Internet Security, Leadership, Microsoft Internet Explorer Browser, Patient Assessment, Performance Tuning/Optimization, Problem Solving Skills, Reporting Dashboards, Root Cause Analysis, Security Information and Event Management (SIEM), Splunk, U.S. National Institute of Standards and Technology (NIST), United States Citizen
LOCATION
DC
POSTED
30+ days ago
US CITIZEN ONLY. SECRET CLEARANCE REQUIRED. MUST HAVE IT-II CERT (I.E. SECURITY+)

SIEM/Elastic Specialist will:

    • Be responsible for designing and setting up the ingestion of various customer data flows, including pre-processing data into a usable format and ensuring proper parsing and indexing
    • Collaborate with cross-functional teams and be responsible for designing and integrating Elastic with a wide variety of data sources and developing associated knowledge objects such as queries, dashboards, reports, and alerts for monitoring and analytics
    • Perform data transformation using the Elastic query language
    • Track the health of the Elastic environment and optimize its performance. Troubleshoot and resolve issues related to security, performance, data indexing, and searches
    • Perform watch-officer monitoring duties, including:
        ○ Monitoring, detecting, investigating, and responding to cybersecurity threats and events using the Elastic/SIEM platform
        ○ Reviewing correlated alerts and logs for compromise scenarios
        ○ Performing triage of security alerts to prioritize response
        ○ Identifying false positives
        ○ Investigating security incidents and determining root cause
        ○ Collecting and preserving logs for analysis
        ○ Escalating confirmed incidents to leadership or SOC teams
        ○ Coordinating with IT or DevOps for containment and remediation
        ○ Creating after-action reports (AAR) post-incident
    • In addition, the role may include assistance with monitoring Vulnerability Management tools, such as ACAS and ePO.

QUALIFICATIONS:

• Have at least three years of working knowledge and hands-on experience with Elastic/Splunk query languages, monitoring SIEM dashboards and real-time alerts, fine-tuning SIEM rules to reduce noise, and the NIST 800-53 and DevSecOps frameworks