[Remote] SIEM Platform Engineer

Posted 2026-05-05
Remote (USA), Full-time, Immediate Start

Note: This is a remote position open to candidates in the USA. Booz Allen Hamilton is seeking a SIEM Platform Engineer to build high-performing systems using Elastic for log aggregation and analysis. The role involves creating visualizations and alerts for threat hunting, maintaining infrastructure, and ensuring compliance with security requirements.


Responsibilities

  • Work with clients and peers to build a high-performing system using Elastic to aggregate logs from many systems into a single common schema
  • Using Elastic Common Schema (ECS) formatted fields, create quality visualizations and alerts that analysts can use for threat hunting; maintain the infrastructure; and identify problems or anomalous behavior so they can be acted on before they become larger issues
  • Work with the vendor to determine best practices for deployment and maintenance of system architecture and deploy within designated security requirements

Skills

  • 1+ years of experience with SIEM platforms such as Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, or Chronicle
  • Experience designing data pipeline architectures for security operations, including log collection, normalization, enrichment, and routing
  • Experience with Elastic Stack, Logstash, Elasticsearch, Kibana, and Beats, including installing, configuring, maintaining, upgrading, and troubleshooting these products
  • Knowledge of architecting detection engineering pipelines, threat hunting workflows, or automated response capabilities
  • Knowledge of EDR, NDR, or full-packet capture solutions such as CrowdStrike, Corelight, or Trellix
  • Knowledge of deploying platforms across cloud, on-premises, and disconnected environments using Kubernetes or OpenShift
  • Knowledge of working in classified or compartmented environments with strict access enforcement
  • Knowledge of Elastic Index Lifecycle Management (ILM)
  • TS/SCI clearance
  • HS diploma or GED
  • Experience with stream processing or data brokering platforms such as Cribl, Kafka, Logstash, or Fluentd
  • Experience working with Docker, Kubernetes, and cloud containerization solutions such as Elastic Cloud on Kubernetes (ECK)
  • Experience with DevSecOps CI/CD pipelines in IL5, IL6, IL7 environments
  • Experience with Python or scripting languages for security automation
  • Security+, CISSP, CISSP-ISSEP, or CASP+ Certifications

Benefits

  • Health, life, disability, financial, and retirement benefits
  • Paid leave
  • Professional development
  • Tuition assistance
  • Work-life programs
  • Dependent care
  • Recognition awards program that acknowledges employees for exceptional performance and superior demonstration of our values

Company Overview

  • Booz Allen Hamilton is a consulting firm that specializes in analytics, technology, and engineering. It was founded in 1914 and is headquartered in McLean, Virginia, USA, with a workforce of 10,001+ employees. Its website is http://www.boozallen.com.