
Security Engineer (Elastic/Splunk)
- North Charleston, SC
- Permanent
- Full-time
Minimum of a Secret Clearance required, with the ability to obtain Top Secret.
As a Security Engineer (SIEM/SOAR Engineer), you will be responsible for managing and maintaining the CSSP's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.
Position Requirements and Duties:
- Design, implement, and maintain the SIEM and SOAR infrastructure (Elastic and Splunk).
- Manage and maintain an enterprise Elastic cluster to support SIEM operations for the CSSP.
- Monitor and analyze security events and incidents to protect information assets.
- Assist in the development and maintenance of use cases, rules, and alerts for threat detection and response.
- Integrate SIEM and SOAR systems with other security tools and data sources.
- Automate security operations workflows and incident response procedures using SOAR platforms.
- Perform regular system monitoring and health checks to ensure the integrity and availability of SIEM and SOAR systems.
- Conduct performance tuning, capacity planning, and scalability assessments for SIEM and SOAR solutions.
- Implement and manage data ingestion pipelines for security event data.
- Perform regular updates, patches, and upgrades for SIEM and SOAR systems.
- Create and maintain documentation for system configurations, processes, and standard operating procedures.
- Collaborate with security analysts, operations analysts, incident responders, and other CSSP teams to ensure effective use of SIEM and SOAR capabilities.
- 3 years of experience maintaining an enterprise Elastic cluster
- Proficiency in managing and maintaining SIEM and SOAR solutions.
- Experience with Elasticsearch Enterprise (including Logstash and Kibana) for SIEM operations.
- Strong understanding of security event and incident management processes.
- Knowledge of scripting languages (e.g., Python, PowerShell) for automation and integration.
- Experience with threat detection and response methodologies.
- Extensive experience with Linux administration of RHEL operating systems
- Strong experience with networking protocols, solutions, and methodologies
- US Citizen
- Possess a high school diploma or GED
- Available for on-call after-hours rotational support as needed
- Position may require up to 25% travel as needed
- OCONUS travel may be required
- Experience with other SIEM platforms (e.g., Splunk).
- Knowledge of security frameworks and standards (e.g., MITRE ATT&CK, NIST).
- Familiarity with network and endpoint security technologies.
- Experience with security incident response and digital forensics.
- 8570 IAT Level II Certification
- Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), or Elastic Certified Engineer
- Comprehensive Physical Wellness Package, including Medical, Dental, and Vision Care, plus Flexible Spending Accounts for health care and dependent care, is included in our standard benefits plan.
- 401k Retirement Plan with Matching Contribution is immediately available and vested.
- Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
- Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
- Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.