About this role
Build and maintain a high-performing SIEM platform using Elastic to aggregate logs into a common schema and support threat hunting with quality visualizations and alerts. The role also includes detection engineering pipeline work, infrastructure maintenance, and deploying solutions within strict security requirements in classified environments.
Key Responsibilities
- Build Elastic-based SIEM log aggregation into a common schema using Elastic Common Schema (ECS) fields
- Create and maintain visualizations and alerts for threat hunting
- Maintain infrastructure and identify anomalous behavior before it becomes actionable
- Design data pipeline architectures for security operations (log collection, normalization, enrichment, routing)
- Deploy and maintain system architecture with vendor best practices under designated security requirements
Technical Overview
Hands-on security engineering focused on Elastic Common Schema (ECS) ingestion, log normalization/enrichment/routing, and Elastic Stack operations (Logstash, Elasticsearch, Kibana, Beats). Supports detection engineering pipelines, threat hunting workflows, and automated response capabilities, with deployment across Kubernetes/OpenShift in cloud, on-prem, and disconnected environments.
Ideal Candidate
The ideal candidate is a mid-level SIEM Platform Engineer with 3+ years of hands-on experience across Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, or Chronicle. They have strong Elastic Stack experience (Logstash, Elasticsearch, Kibana, Beats), including designing security log pipelines and detection/threat hunting workflows, and they can deploy in classified environments with Kubernetes or OpenShift.
Must-Have Skills
- 3+ years of experience with SIEM platforms such as Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, or Chronicle
- 1+ years of experience designing data pipeline architectures for security operations, including log collection, normalization, enrichment, and routing
- 1+ years of experience with Elastic Stack (Logstash, Elasticsearch, Kibana, and Beats), including installing, configuring, maintaining, upgrading, and troubleshooting these products
- Experience deploying platforms across cloud, on-premises, and disconnected environments using Kubernetes or OpenShift
- Experience working in classified or compartmented environments with strict access enforcement
- Knowledge of Elastic Index Lifecycle Management (ILM)
- TS/SCI clearance
Nice-to-Have Skills
- Stream processing or data brokering platforms such as Cribl, Kafka, Logstash, Fluentd, or Docker
- Cloud containerization solutions such as Elastic Cloud on Kubernetes (ECK)
- DevSecOps CI/CD pipelines in IL5, IL6, or IL7 environments
- Python or other scripting languages for security automation
- Security+, CISSP, CISSP-ISSEP, or CASP+ certifications
Tools & Platforms
Elastic, Elastic Common Schema (ECS), Elastic Stack, Logstash, Elasticsearch, Kibana, Beats, Splunk Enterprise Security, Elastic Security, Sentinel, Chronicle, CrowdStrike, Corelight, Trellix, Kubernetes, OpenShift, Cribl, Kafka, Fluentd, Docker, Elastic Cloud on Kubernetes (ECK)
Required Skills
SIEM platforms, Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, Chronicle, Elastic Common Schema (ECS), data pipeline architectures, log collection, normalization, enrichment, routing, Elastic Stack, Logstash, Elasticsearch, installing, configuring, maintaining, upgrading, troubleshooting, detection engineering pipelines, threat hunting workflows, automated response capabilities, EDR, NDR, CrowdStrike, Corelight, Trellix, Kubernetes, OpenShift, Elastic Index Lifecycle Management (ILM), TS/SCI clearance
Hard Skills
SIEM platforms, Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, Chronicle, data pipeline architectures, log collection, normalization, enrichment, routing, Elastic Stack, Logstash, Elasticsearch, Kibana, Beats, installing, configuring, maintaining, upgrading, troubleshooting Elastic Stack, detection engineering pipelines, threat hunting workflows, automated response capabilities, EDR, NDR, full-packet capture solutions, CrowdStrike, Corelight, Trellix, Kubernetes, OpenShift, Elastic Index Lifecycle Management (ILM), Elastic Common Schema (ECS) formatted fields, deploying within designated security requirements
Soft Skills
- Work with clients and peers
- Collaborate with analysts for threat hunting
- Work with the vendor to determine best practices
- Identify problems or anomalous behavior
- Maintain infrastructure
Certifications
Preferred
Security+ (CompTIA Security+), CISSP, CISSP-ISSEP, CASP+
Keywords for Your Resume
SIEM Platform Engineer, SIEM platforms, Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, Chronicle, Elastic Common Schema (ECS), data pipeline architectures, log collection, normalization, enrichment, routing, Elastic Stack, Logstash, Elasticsearch, Beats, installing, configuring, maintaining, upgrading, troubleshooting, detection engineering pipelines, threat hunting workflows, automated response capabilities, EDR, NDR, CrowdStrike, Corelight, Trellix, Kubernetes, OpenShift, Elastic Index Lifecycle Management (ILM), TS/SCI clearance, SIEM, threat hunting
Deal Breakers
- TS/SCI clearance required
- 3+ years of SIEM platform experience (Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, or Chronicle)
- 1+ years of Elastic Stack (Logstash, Elasticsearch, Kibana, Beats) installation, configuration, maintenance, upgrading, and troubleshooting
- Experience deploying across cloud, on-prem, and disconnected environments using Kubernetes or OpenShift