Job Description

Job Description

Job Description

General Summary:

Mount Indie is looking for a Security Information and Event Management (SIEM) analyst for the AvMC contract. The candidate should have a background in cybersecurity compliance monitoring tools such as Elastic and Splunk, as well as extensive Linux system administration knowledge.

The candidate will provide support and administration for transitioning current DoD Splunk environment to Elastic (ELK). Duties include but not limited to Linux platform administration, dashboard creation, and architecture enhancements needed in a dynamic environment. Candidate needs to possess understanding of evaluating, maintaining, and sustaining current SIEM related tools with possibility of other software evaluations. Candidate must have strong communication skills, work in a team environment to include mentoring more junior team members and understand both server backend and application frontend configurations.

Principal Duties and Responsibilities (*Essential Functions):

• Administer, maintain, troubleshoot, and support an ElasticSearch environment on RHEL (Red Hat Enterprise Linux) servers on-premises.
• Tune and optimize systems and data sources to better align with the organizations strategic Integrated Operating Center goals.
• Ensure the Elasticsearch configurations continue to run under optimal conditions.
• Develop dashboards and applications with custom JavaScript, HTML and CSS features to fulfill dynamic organizational requirements with visual metrics for stakeholders.
• Onboard new data sources, parse, and extract relevant data while also monitoring license usage.
• Create data retention policies and perform index administration, maintenance, and optimization.
• Complete/Maintain STIG configuration checklists of Elastic deployment to support Army and DoD requirements.
• Configure Elastic infrastructure to utilize trusted DoD certificates for all communication.
• Develop customized Elasticsearch queries, filters, and visualizations to meet customer requirements.
• Work with AvMC CIO G6 teams to identify inefficiencies in current monitoring services, propose and implement changes to streamline alerts or automate remediations.

Required Qualifications

• Bachelors degree in related field, or the equivalent experience.
• Minimum of 8 years' work-related experience.
• Working knowledge of Elasticsearch, Logstash, and Kibana (ELK Stack), including configuration, optimization, and troubleshooting.
• Active CompTIA Security+ CE certification
• U.S. Citizenship required; must be able to obtain/maintain a DoD Secret clearance.
• Implementation of security best practices and ensure compliance with relevant regulations and standards (e.g., DISA STIGs) within the Elastic environment.
• Work related experience within DoD.
• Strong and effective communication skills

Preferred Qualifications

• Active DoD Secret clearance
• Working knowledge of scripting languages for automation and customization.
• Understanding of application performance concepts, VMware, Linux and Windows operating systems, and network infrastructure concepts.
• Working knowledge with Elastic Stack solutions
• Hands-on Linux system administration
• Working knowledge of ACAS scanning

Job Tags

Similar Jobs