Elasticsearch Engineer

Description

This position will support the Defense Information Systems Agency (DISA) GSM-O II program, and DISA Global Defensive Cyber Operations (DCO) organization based out of Scott AFB, IL with as a Elasticsearch Engineer.

Job Summary

The Elasticsearch Engineer role will provide support for a large enterprise Elasticsearch deployment. This role requires providing design, configuration, maintenance and troubleshooting support in the Elastic environments in both cloud and on prem. And also ensure data feeds and application operation are maintained, and provide support to cyber security analysts in development of analytics and other operational aspects of the Elastic product. This role will also collaborate with architecture, engineering, development, and operations teams; ensuring production scalability and stability while maintaining data integrity.

• Building and Managing Elasticsearch Clusters: This includes tasks like installing, configuring, and securing Elasticsearch clusters, as well as troubleshooting issues.
• Data Modeling and Indexing: Defining indexes, dynamic templates, and lifecycle management policies to optimize data storage and retrieval.
• Developing Search Solutions: Writing and executing search queries, including complex Boolean queries, aggregations, and using runtime fields.
• Working with the Elastic Stack: Integrating Elasticsearch with other components like Kibana, Beats, and Logstash to build comprehensive solutions.
• Performance Optimization: Ensuring that Elasticsearch deployments are performant and scalable to meet specific needs.
• Data Analysis and Visualization: Utilizing Kibana to analyze and visualize data stored in Elasticsearch.
• Troubleshooting and Issue Resolution: Identifying and resolving issues within the Elasticsearch environment.

• BS degree and 4 to 8 years of relevant experience in IT and Cybersecurity
• Must have DoD-8570 IAT Level 2 baseline certification (Security+ CE or higher) at start date and be able to obtain CSSP-A certification within 180 days of start date.
• 2+ years of experience with Elasticsearch Administration.
• Direct experience maintaining and integrating Elasticsearch within an operational enterprise information system.
• Experience with maintaining and using Elasticsearch in Commercial Cloud Platforms (e.g., AWS, Google Cloud, Azure).
• At least 2 of the 3 Elastic certifications listed below: Elastic Certified Engineer; Elastic Certified Observability Engineer; or Elastic Certified Analyst
• TS with ability to attain SCI is required for consideration.

• Experience working on the customer's systems.
• Understanding of the customer's system development policies.
• Additional certifications related to Elasticsearch.
• Experience with DISA and DoD Networks.
• Working knowledge of cyber operational security, log analysis, netflow analysis, incident response, malware analysis, computer forensics, and/or cyber-crime.
• Advanced Certifications such as SANS GIAC/GCIA/GCIH, CISSP, CySA+ or CASP.
• Demonstrated experience briefing leadership.