Search Engineer III

ECS is seeking a Search Engineer III to work in our Fairfax, VA office.

Job Description:

Are you passionate about the ever-evolving field of cybersecurity and ready to embark on a career with a positive and lasting impact? Join our dynamic team at ECS, a leading provider of solutions in science, engineering, and advanced technologies, including cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation solutions. As a SIEM Engineer II, you'll play a crucial role in our mission to safeguard organizations against cyber threats. If you're seeking a challenging yet rewarding position where you can enhance your skills, collaborate with experts in the field, and contribute significantly to the protection of digital assets, this opportunity is perfect for you.

Our SIEM Engineer III team members are at the forefront of our Managed Security Services Provider (MSSP) team, responsible for strengthening the digital defenses of our clients. Your primary focus will be on ensuring the reliability and security of our Security Information and Event Management (SIEM) systems, which are often the first line of defense against cyber adversaries. You'll delve deep into the intricacies of SIEM technology, assist in implementing cutting-edge solutions, and work closely with our experienced team to detect and mitigate emerging threats. If you're a tech-savvy individual with a strong desire to protect organizations from the evolving cyber threat landscape, this role offers a unique opportunity to hone your skills and make a significant impact in the world of cybersecurity.

Responsibilities

• Independently lead the installation, configuration, and deployment of SIEM solutions for clients, ensuring customization to their unique needs and compliance requirements. Act as the primary point of contact for complex deployments.
• Collaborate with senior engineers in the design and planning of deployment architectures. Lead the implementation of complex configurations tailored to specific security needs.
• Perform and oversee advanced routine maintenance on SIEM systems, including critical patches, updates, and strategic upgrades. Optimize system performance and reliability through expert adjustments and tuning.
• Lead the integration of the SIEM platform with a diverse array of tools and systems, ensuring seamless interoperability and enhanced security posture.
• Develop and implement sophisticated scripts to automate tasks and enhance interactions between the SIEM and other systems, improving efficiency and reducing manual effort.
• Conduct advanced system health checks, proactively monitor SIEM performance, and implement preemptive measures to maintain system integrity.
• Independently document and resolve complex issues, leveraging deep technical expertise and collaborative problem-solving skills.
• Take charge of SIEM configuration management, making strategic adjustments to optimize performance and data accuracy, and adapting to changes in the monitored environment.
• Maintain detailed documentation of SIEM system configurations, operations, and procedures. Ensure documentation is comprehensive, up-to-date, and adheres to compliance standards.
• Maintain detailed documentation of SIEM system configurations, operations, and procedures. Ensure documentation is comprehensive, up-to-date, and adheres to compliance standards.
• Act as the primary liaison with vendors for advanced support and resolution of complex product-related issues.
• Engage in and sometimes lead expert-level training on SIEM features and capabilities. Facilitate knowledge transfer sessions to elevate team expertise.
• Provide high-level support and strategic advice to security analysts, ensuring that the SIEM system's capabilities are fully leveraged to meet security operations' needs.
• Drive continuous improvement initiatives for SIEM-related processes, focusing on efficiency gains and advanced security enhancements.
• Participate in continuous improvement initiatives to streamline SIEM-related processes.
• Provide strategic feedback and suggestions for automating repetitive tasks and improving system configurations based on expert knowledge and experience.

Required Skills:

At least three years of experience demonstrating proficiency in the following skills:

• Proven experience with SIEM technologies, concepts, and common platforms such as Elastic, Splunk, IBM QRadar, or LogRhythm.
• Experience with system administration for various operating systems, particularly those commonly used in corporate environments like Windows, Linux, and MacOS.
• A strong grasp of fundamental cybersecurity principles, including threat landscapes, security protocols, and various types of cyberattacks.
• Solid experience with scripting languages such as Python, PowerShell, or Bash for automation of tasks and integration of different systems with the SIEM.
• Aptitude for troubleshooting and problem-solving, including being able to logically deduce where issues may lie and how to correct them.
• The ability to work effectively in a team environment, often collaborating with other engineers, IT staff, and security analysts.
• Good verbal and written communication skills for documenting processes, explaining technical concepts, and reporting to higher management or technical teams.

Other Requirements of the position include:

• Able and willing to support domestic or international on-site travel with customers or at ECS offices. Any travel will be short in duration and well-planned.
• Possess and maintain TS/SCI-CI Poly US Security Clearance.
• Possess and maintain a U.S. Passport.
• Bachelor’s degree; preferably in Computer Science, Information Security, or a related field. Will consider experience in lieu of a degree.
• Wear professional business attire for in-person meetings and teleconferences with internal and external organizations.
• Perform duties not explicitly listed in this position description, as assigned.

Desired Skills:

• At least three years of hands-on experience with specific SIEM platforms, indicating a deeper understanding of their features and capabilities. Experience with Elastic is highly valued.
• At least three years of experience integrating SIEMs with SOAR and IRCM.
• Experience working one on one with a customer in a consultant or consultant-like role.
• Experience deploying, configuring, maintaining, and troubleshooting Elasticsearch and Kibana on bare metal, Elastic Cloud Enterprise (ECE), Elastic Cloud on Kubernetes (ECK), and/or Elasticsearch Service.
• Experience deploying, configuring, and troubleshooting Elasticsearch Search use-cases, explicitly Vector/Semantic Search.
• Configuration management experience through Ansible/Terraform/Chef/Puppet or like tools.
• Security community contributions (blog posts, white papers, conference talks, tool development, etc.)
• A stronger grasp of advanced network infrastructure, including cloud networks, virtual networks, and network segmentation, which can be crucial for more sophisticated SIEM deployments.
• Skills in project management and familiarity with methodologies like Agile can be beneficial, particularly in managed service environments.
• Familiarity with implementing machine learning pipelines and integrating AI-driven analytics into SIEM for improved incident detection and automated response.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.

General Description of Benefits