AvMC EITSS Elastic/SIEM Administrator

COLSA

Huntsville, AL
Full Time
Paid
  • Responsibilities

    Provide support and administration for transitioning the current DoD Splunk environment to Elastic. Duties include, but are not limited to, Linux platform administration, dashboard creation, and architecture enhancements needed in a dynamic environment. The candidate needs to possess an understanding of evaluating, maintaining, and sustaining current SIEM-related tools with possibility. The candidate must have strong communication skills, work in a team environment (including mentoring more junior team members), and have an understanding of both server backend and application frontend configurations.

    Principal Duties and Responsibilities (Essential functions)

    • Configure, maintain, troubleshoot, and support an ElasticSearch environment on RHEL (Red Hat Enterprise Linux) servers on-premises.
    • Tune and optimize systems and data sources to better align with the organization’s strategic SOC goals.
    • Ensure the Elasticsearch configurations continue to run under optimal conditions.
    • Develop dashboards and applications with custom JavaScript, HTML and CSS features to fulfill dynamic organizational requirements with visual metrics for stakeholders.
    • Onboard new data sources, parse, and extract relevant data while also monitoring license usage.
    • Create data retention policies and perform index administration, maintenance, and optimization.
    • Complete/Maintain STIG configuration checklists of Elastic deployment to support RMF Security Control Assessor - Validator (SCA-V).
    • Configure Elastic infrastructure to utilize trusted DoD certificates for all communication.
    • Develop customized Elasticsearch queries, filters, and visualizations to meet customer requirements.
    • Work with AvMC CIO/G6 teams to identify inefficiencies in current monitoring services, propose and implement changes to streamline alerts or automate remediations.

    _At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here._

    Required Skills

    Required Experience

    • Bachelor’s degree in related field, or the equivalent experience.
    • Minimum of 12 years' work-related experience.
      • Deviation from education and/or degree requirements, as defined by contract, requires approval from CO.
    • Working knowledge of Elasticsearch, Logstash, and Kibana (ELK Stack), including configuration, optimization, and troubleshooting.
    • Must be able to obtain Security+CE within 6 months of hire.
    • U.S. Citizenship required; must be able to obtain/maintain a DoD Secret clearance.
    • Implementation of security best practices and enforcement of compliance with relevant regulations and standards (e.g., DISA STIGs) within the Elastic environment.
    • Work-related experience within DoD.
    • Strong and effective communication skills.

    Preferred Qualifications

    • Active DoD Secret clearance.
    • CompTIA Security+ CE certification.
    • Working knowledge of scripting languages for automation and customization.
    • Understanding of application performance concepts, VMware, Linux and Windows operating systems, and network infrastructure concepts.
    • Working knowledge of Elastic Stack solutions.
    • Hands-on Linux system administration.

    Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.