Lead Elastic Stack Cybersecurity Engineer

Leidos has a current job opportunity for a Senior Cybersecurity Engineer specializing in data integration, content development, and system architecture. Working with Elastic Stack (Elasticsearch, Logstash, Kibana), the individual would lead a team in developing, managing, and optimizing scalable search and analytics solutions for the DISA GSM-O II program in Pearl Harbor, HI. 

A successful candidate will have experience in cyber analysis, incident response, SIEM operations, content development, visualizations, and reporting.  This role requires technical expertise with Elastic, a deep understanding of SIEM architecture, and hands-on experience working with cybersecurity relevant data, cyber incident handling, and monitoring in secure environments.   

POSITION SUMMARY: 

The Senior Cybersecurity / Elastic Detection Engineer will lead in development of SIEM/SOAR capabilities to support the team’s Cyber Security Service Provider (CSSP) services. They will create, test, implement, and execute standard procedures for the "front-end" operation within Elastic. They will also develop reports, dashboards, analytic rules, filters, and metrics. 

PRIMARY RESPONSIBILITIES: 

• Monitor and optimize the performance of content within the Elastic Stack clusters to ensure high availability, reliability, and performance of content supporting the Cyber Security Service Provider (CSSP) services. 

• Create and maintain comprehensive documentation for content, processes, and procedures. 
• Design, develop, and maintain custom dashboards using Elastic for monitoring and visualization of metrics, logs, and traces. 
• Support customer-driven visualization requirements and collaborate on data integration and Kibana dashboard development. 
• Work with the site threat emulation/analytic development team to maximize detection opportunities correlated with the MITRE ATT&CK framework. 

 BASIC QUALIFICATIONS: 

• Active DoD Secret security clearance and ability to obtain TS/SCI. 

• An ability to think critically, work independently, and regularly communicate updates to the supported stakeholders.
• Highly motivated and able to work independently with minimal supervision, while also thriving in a collaborative team environment.
• Strong written and oral communications skills and strong analytical and troubleshooting skills. 
• In-depth knowledge of architecture, engineering, and operations of Elastic Stack.  
• Demonstrated commitment to training, self-study, and maintaining proficiency in the technical cyber security domain. 
• Bachelor's degree and 8+ years of prior relevant experience; additional work experience or cyber courses/certifications may be substituted in lieu of degree. 
• DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 180 days of hire. 
• DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC prior to starting. 

PREFERRED QUALIFICATIONS: 

• CND experience (Protect, Detect, Respond, and Sustain) within a Computer Incident Response organization. 

• Advanced certifications or any formal certified training in Elastic or other SIEMs are preferred. 

• Strong knowledge of security information and event management (SIEM) systems, data pipelines, and threat detection methodologies. 

• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs). 

• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements. 
• Proven ability to develop, test, and deploy high-fidelity security analytics and detection rules. Experience with a scripting language like Python is highly desirable.

• Proficiency with GitLab (or similar version control systems) and collaboration platforms (e.g., Microsoft Teams, Slack).
• Familiarity or experience in Intelligence-Driven Defense and/or Cyber Kill Chain methodology. 
• Exceptional analytical and problem-solving skills with a keen eye for identifying and addressing security gaps.
• Demonstrated ability to analyze existing processes, identify areas for improvement, and implement solutions to enhance efficiency and effectiveness.

• Existing 8570 CSSP Analyst Certifications (CEH), CySA+, etc. 

• Vendor-specific certifications. 

WHY LEIDOS?

• Company-paid relocation to Hawaii
• Competitive compensation plans (including health and wellness programs, flexible leave, and immediately-vested 401k)
• Robust professional development and career growth program(s) within the defensive cyber space (including upskilling opportunities, mentorship, and 1:1 guidance and job-matchmaking from career coaches)

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.