Clearance Required: Top Secret with Polygraph
PCI has an opportunity for an Elasticsearch SME on an existing, growing program.
SEAR provides CND analysts and ISSOs with actionable security information and audit reduction capabilities, in accordance with multiple IC directives. The team develops the Ingest engine for SEAR’s audit logs, the REST services to expose the alerts, the user interface to display the alerts, and the Pig analytics to determine what constitutes an alert. The Ingest engine performs the enriching, normalization, and correlating of the audit logs.
Required: 2+ years of experience with Elasticsearch, specifically setting up, configuring, and tuning large clusters, experience with Kibana (specifically visualizations and dashboards), Logstash
Desired Elasticsearch experience: Elasticsearch security, Elasticsearch Beat technologies, Elasticsearch Machine Learning technology, Elasticsearch Watcher, Elasticsearch Monitoring
Other Desired experience: NiFi, RegEx, Java/Spring, Salt/Puppet, Kafka, Spark, Python/Perl scripting, REST services, MySQL
· 2 years of experience with setting up and tuning Elasticsearch clusters to handle processing of large amounts of data
· 2 years of experience with Logstash/Grok
· 1 year of experience with Kibana including visualizations, dashboards, and monitoring
· 1 year of experience with Elasticsearch security
· Experience with Elasticsearch Beat technologies
· Experience with Elasticsearch Machine Learning technology
· Experience with ElasticSearch Alerting
|Job Category||Cybersecurity, DevOps, Software Developer/Engineer, Systems Engineer|