CACI International ELK Security Information and Event Management (SIEM) Engineer in Springfield, Virginia
What You’ll Get to Do:CACI is seeking a Cyber Network Defense (CND) Elasticsearch, Log stash, and Kibana (ELK) Engineer/Subject Matter Expert (SME) to perform technical work as part of an integrated team of CND SMEs supporting the DoD’s JRSS (Joint Regional Security Stack) deployment activities. JRSS is a multi-year, global effort to improve the DoD’s security posture and provide enhanced security capabilities and analytics by centralizing and virtualizing network security into regional stacks rather than locally distributed appliances. This position is responsible for providing configuration, implementation, configuration and ongoing performance enhancement work for ELK in the JRSS environment.
You will also work as part of a multi-disciplinary team supporting the active and passive Computer Network Defense (CND) tools deployed in stacks. You must be able to integrate with other technical teams, with DISA personnel, with vendor technical support personnel, and with technical representatives from DoD services, work as part of an integrated, cross-platform team that provides CND capability, and base/post/camp/station migration support services DoD-wide as the JRSS stacks are deployed and used. You must hold an active Secret Clearance to qualify. We look forward to working with you on this exciting opportunity!
More About the Role:
In this role you will:
Support the ELK toolset and assist with configuration, troubleshooting, support and project management of ELK integration.
Need extensive CND architectural design experience in addition to significant hands-on experience with ELK.
Provide SME knowledge of Full Packet Capture via Google Stenographer, Protocol Analysis and Metadata via Bro, Signature Based Alerting via Suricata, Recursive File Scanning via FSF, message queuing via Filebeat, Message Queuing and Distribution via Apache Kafka and Message Transport via Log stash
Create viewable Kibana dashboards to provide visibility into ingested log data
Resolve ELK infrastructure or system issues
Create Suricata security rules (alerts) and Kibana dashboards that trigger on anomalous activities or threat detections
Create alerts that trigger/activate on configured setting to deploy or sends email to a particulate destination email or groups
Troubleshoot and tune signature-based alerting via Suricata, recursive file scanning via FSF, message queuing and distribution via Apache Kafka and message transport via Log stash
Provide ELK SME support, assisting customers with log ingestion issues and with ELK communication issues
You’ll Bring These Qualifications:
Remember, if your contract contains minimum Labor Category Qualifications, they must be included.) Experience:
• Bachelor’s degree from an accredited college in a related discipline, or equivalent experience/combined education, with 12 or more years’ experience; or 10 years’ experience with a related Master’s degree or equivalent work experience.
You must be a U.S. Citizen and hold an active Secret DoD clearance
You must hold a current DoD 8570 IAT II Certification
You must have strong knowledge of Ansible or Python scripting, Linux CENTOS/Red Hat operating system commands, file data storage, indexing, and searching via Elasticsearch
You must have experience with Splunk, IDS/IPS technologies, NESSUS, or Demisto
You should be well versed in TCP/IP communications.
Have a general knowledge of router and firewall functionality on a network.
Be familiar with the MS Office tool suite.
Possess excellent written and oral communications skills and be able to present highly technical material to both technical and non-technical audiences
These Qualifications Would be Nice to Have:
Prior experience as a network intrusion analyst or Security Operations Center analyst.
Experience configuring and maintaining the tool in a multi-tenant environment
Experience with one or more of these CND tools:
Fidelis DLP and MDE
What We Can Offer You:- We’ve been named a Best Place to Work by the Washington Post.- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.- We offer competitive benefits and learning and development opportunities.- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.- For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.