Lead Elastic Stack Cybersecurity Engineer

Description

Leidos has a current job opportunity for a Senior Cybersecurity Engineer specializing in data integration, content development, and system architecture. Working with Elastic Stack (Elasticsearch, Logstash, Kibana), the individual would lead a team in developing, managing, and optimizing scalable search and analytics solutions for the DISA GSM-O II program in Pearl Harbor, HI.

A successful candidate will have experience in cyber analysis, incident response, SIEM operations, content development, visualizations, and reporting. This role requires technical expertise with Elastic, a deep understanding of SIEM architecture, and hands-on experience working with cybersecurity relevant data, cyber incident handling, and monitoring in secure environments.

• Monitor and optimize the performance of content within the Elastic Stack clusters to ensure high availability, reliability, and performance of content supporting the Cyber Security Service Provider (CSSP) services.

• Create and maintain comprehensive documentation for content, processes, and procedures.
• Design, develop, and maintain custom dashboards using Elastic for monitoring and visualization of metrics, logs, and traces.
• Support customer-driven visualization requirements and collaborate on data integration and Kibana dashboard development.
• Work with the site threat emulation/analytic development team to maximize detection opportunities correlated with the MITRE ATT&CK framework.

• Active DoD Secret security clearance and ability to obtain TS/SCI.

• An ability to think critically, work independently, and regularly communicate updates to the supported stakeholders.
• Highly motivated and able to work independently with minimal supervision, while also thriving in a collaborative team environment.
• Strong written and oral communications skills and strong analytical and troubleshooting skills.
• In-depth knowledge of architecture, engineering, and operations of Elastic Stack.
• Demonstrated commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
• Bachelor's degree and 8+ years of prior relevant experience; additional work experience or cyber courses/certifications may be substituted in lieu of degree.
• DoD 8570 CSSP-A level Certification such as CEH, CySA+, GCIA or other certification is required within 180 days of hire.
• DoD 8570 IAT level II or higher certification such as CompTIA Security+ CE, ISC2 SSCP, SANS GSEC prior to starting.

• CND experience (Protect, Detect, Respond, and Sustain) within a Computer Incident Response organization.

• Advanced certifications or any formal certified training in Elastic or other SIEMs are preferred.

• Strong knowledge of security information and event management (SIEM) systems, data pipelines, and threat detection methodologies.

• Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).

• Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
• Proven ability to develop, test, and deploy high-fidelity security analytics and detection rules. Experience with a scripting language like Python is highly desirable.

• Proficiency with GitLab (or similar version control systems) and collaboration platforms (e.g., Microsoft Teams, Slack).
• Familiarity or experience in Intelligence-Driven Defense and/or Cyber Kill Chain methodology.
• Exceptional analytical and problem-solving skills with a keen eye for identifying and addressing security gaps.
• Demonstrated ability to analyze existing processes, identify areas for improvement, and implement solutions to enhance efficiency and effectiveness.

• Existing 8570 CSSP Analyst Certifications (CEH), CySA+, etc.

• Vendor-specific certifications.

• Company-paid relocation to Hawaii
• Competitive compensation plans (including health and wellness programs, flexible leave, and immediately-vested 401k)
• Robust professional development and career growth program(s) within the defensive cyber space (including upskilling opportunities, mentorship, and 1:1 guidance and job-matchmaking from career coaches)