Note: This is a remote position open to candidates in the USA. Booz Allen Hamilton is seeking a SIEM Platform Engineer to build high-performing systems on Elastic for log aggregation and analysis. The role involves creating visualizations and alerts for threat hunting, maintaining the underlying infrastructure, and ensuring compliance with security requirements.
Responsibilities
- Work with clients and peers to build a high-performing system using Elastic to aggregate logs from many systems into a single common schema
- Using Elastic Common Schema (ECS) formatted fields, create quality visualizations and alerts that analysts can use for threat hunting; maintain the infrastructure; and identify problems or anomalous behavior early, while they are still small enough to be actioned before they become a larger issue
- Work with the vendor to determine best practices for deployment and maintenance of system architecture and deploy within designated security requirements
Skills
- 1+ years of experience with SIEM platforms such as Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, or Chronicle
- Experience designing data pipeline architectures for security operations, including log collection, normalization, enrichment, and routing
- Experience with the Elastic Stack (Logstash, Elasticsearch, Kibana, and Beats), including installing, configuring, maintaining, upgrading, and troubleshooting these products
- Knowledge of architecting detection engineering pipelines, threat hunting workflows, or automated response capabilities
- Knowledge of EDR, NDR, or full-packet capture solutions such as CrowdStrike, Corelight, or Trellix
- Knowledge of deploying platforms across cloud, on-premises, and disconnected environments using Kubernetes or OpenShift
- Knowledge of working in classified or compartmented environments with strict access enforcement
- Knowledge of Elastic Index Lifecycle Management (ILM)
- TS/SCI clearance
- HS diploma or GED
- Experience with stream processing or data brokering platforms such as Cribl, Kafka, Logstash, or Fluentd
- Experience working with Docker, Kubernetes, and cloud containerization solutions such as Elastic Cloud on Kubernetes (ECK)
- Experience with DevSecOps CI/CD pipelines in IL5, IL6, IL7 environments
- Experience with Python or scripting languages for security automation
- Security+, CISSP, CISSP-ISSEP, or CASP+ Certifications
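As a worked illustration of the responsibilities above (aggregating many log formats into one ECS-shaped schema and writing hunting alerts over it) and of the pipeline skill listed here (collection, normalization, enrichment, routing), the following Python is an added example for this page. It is not Booz Allen's or Elastic's code: the raw log lines, the asset table used for enrichment, the `logs-<dataset>-<namespace>` data stream names and the failed-login threshold are all constructed assumptions for the demo, and unparsed lines are tagged rather than dropped so that a broken parser shows up as a visible gap instead of silent data loss.

```python
"""Normalize heterogeneous security logs into ECS field names, enrich
them, route them to a data stream, and run a simple hunting rule.

Added example, not Booz Allen or Elastic code. All inputs are constructed.
"""
import json
import re
from collections import defaultdict

# Constructed sample input: sshd syslog lines, one JSON firewall event,
# and one line no parser understands (exercises the failure path).
RAW_LOGS = [
    "Mar 10 12:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2",
    "Mar 10 12:00:03 bastion sshd[2213]: Failed password for root from 203.0.113.9 port 51130 ssh2",
    "Mar 10 12:00:05 bastion sshd[2215]: Failed password for root from 203.0.113.9 port 51140 ssh2",
    "Mar 10 12:00:09 bastion sshd[2219]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
    '{"ts":"2024-03-10T12:00:02Z","src":"203.0.113.9","dst":"10.0.0.5","dport":22,"action":"allow","dev":"fw01"}',
    "this line matches no parser",
]

# Constructed asset inventory used for the enrichment step (assumption).
ASSETS = {"10.0.0.5": "db01.corp.example"}

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def normalize_sshd(line):
    """Map an OpenSSH auth line onto ECS authentication fields."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        "event.dataset": "system.auth",
        "event.category": "authentication",
        "event.outcome": "success" if m["outcome"] == "Accepted" else "failure",
        "host.name": m["host"],
        "process.pid": int(m["pid"]),
        "user.name": m["user"],
        "source.ip": m["ip"],
        "source.port": int(m["port"]),
    }


def normalize_firewall(line):
    """Map a vendor JSON firewall event onto ECS network fields."""
    try:
        d = json.loads(line)
    except ValueError:
        return None
    if not isinstance(d, dict) or not {"src", "dst", "action"}.issubset(d):
        return None
    return {
        "@timestamp": d["ts"],
        "event.dataset": "firewall.log",
        "event.category": "network",
        "event.action": d["action"],
        "observer.name": d.get("dev"),
        "source.ip": d["src"],
        "destination.ip": d["dst"],
        "destination.port": d.get("dport"),
    }


PARSERS = (normalize_sshd, normalize_firewall)


def normalize(line):
    """Try each parser; keep unparsed lines, tagged, so nothing is silently lost."""
    for parser in PARSERS:
        doc = parser(line)
        if doc is not None:
            doc["message"] = line
            return doc
    return {"message": line, "event.dataset": "unparsed", "tags": ["_parsefailure"]}


def enrich(docs, assets):
    """Enrichment: attach the known hostname of internal destination IPs."""
    for d in docs:
        name = assets.get(d.get("destination.ip"))
        if name:
            d["destination.domain"] = name
    return docs


def route(doc, namespace="default"):
    """Routing: pick the logs-<dataset>-<namespace> data stream for a document."""
    return f"logs-{doc['event.dataset']}-{namespace}"


def pipeline(lines, assets=ASSETS):
    return enrich([normalize(l) for l in lines], assets)


def brute_force_alerts(docs, threshold=3):
    """Hunting rule: source IPs with at least `threshold` auth failures (threshold is an assumption)."""
    fails = defaultdict(int)
    for d in docs:
        if d.get("event.category") == "authentication" and d.get("event.outcome") == "failure":
            fails[d["source.ip"]] += 1
    return sorted(ip for ip, n in fails.items() if n >= threshold)


if __name__ == "__main__":
    docs = pipeline(RAW_LOGS)
    for d in docs:
        print(route(d), d["event.dataset"], d.get("source.ip"), d.get("tags", ""))
    print("brute-force sources:", brute_force_alerts(docs))
```

Because every parser emits the same ECS names (`source.ip`, `event.outcome`, `event.category`), the hunting rule at the bottom never needs to know which product produced the event; that is the practical payoff of normalizing to a common schema before alerting. The `_parsefailure` tag mirrors the convention of routing unparsed data to its own dataset so a coverage dashboard can show how much of the feed is not being understood.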
Benefits
- Health, life, disability, financial, and retirement benefits
- Paid leave
- Professional development
- Tuition assistance
- Work-life programs
- Dependent care
- Recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values
Company Overview
- Booz Allen Hamilton is a consulting firm that specializes in analytics, technology, and engineering. It was founded in 1914 and is headquartered in McLean, Virginia, USA, with a workforce of 10,001+ employees. Its website is http://www.boozallen.com.