
COLSA Corporation

Unite Your Talents with Opportunity

AvMC EITSS Elastic/SIEM Administrator



Tracking Code

8235-987

Posted Date

5/8/2024

Job Location

Huntsville, Alabama

Location of Position

Huntsville, Alabama, United States

Work Arrangement

On Site: 100%

Position Type

Full-Time/Regular

Clearance Required?

Yes

Level of Clearance Required

Secret

Position Funded?

Yes

Provide support and administration for transitioning the current DoD Splunk environment to Elastic. Duties include, but are not limited to, Linux platform administration, dashboard creation, and architecture enhancements needed in a dynamic environment. Candidate needs to possess an understanding of evaluating, maintaining, and sustaining current SIEM-related tools with possibility. Candidate must have strong communication skills, work in a team environment to include mentoring more junior team members, and have an understanding of both server backend and application frontend configurations.

Principal Duties and Responsibilities (*Essential functions)

  • Configure, maintain, troubleshoot, and support an ElasticSearch environment on RHEL (Red Hat Enterprise Linux) servers on-premises.
  • Tune and optimize systems and data sources to better align with the organization’s strategic SOC goals.
  • Ensure the Elasticsearch configurations continue to run under optimal conditions.
  • Develop dashboards and applications with custom JavaScript, HTML and CSS features to fulfill dynamic organizational requirements with visual metrics for stakeholders.
  • Onboard new data sources, parse, and extract relevant data while also monitoring license usage.
  • Create data retention policies and perform index administration, maintenance, and optimization.
  • Complete/Maintain STIG configuration checklists of Elastic deployment to support RMF Security Control Assessor - Validator (SCA-V).
  • Configure Elastic infrastructure to utilize trusted DoD certificates for all communication.
  • Develop customized Elasticsearch queries, filters, and visualizations to meet customer requirements.
  • Work with AvMC CIO/G6 teams to identify inefficiencies in current monitoring services, propose and implement changes to streamline alerts or automate remediations.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here


Required Experience

  • Bachelor’s degree in related field, or the equivalent experience.
  • Minimum of 12 years' work-related experience.
    • Deviation from education and/or degree requirements, as defined by contract, requires approval from CO.
  • Working knowledge of Elasticsearch, Logstash, and Kibana (ELK Stack), including configuration, optimization, and troubleshooting.
  • Must be able to obtain Security+CE within 6 months of hire.
  • U.S. Citizenship required; must be able to obtain/maintain a DoD Secret clearance.
  • Implementing security best practices and ensuring compliance with relevant regulations and standards (e.g., DISA STIGs) within the Elastic environment.
  • Work related experience within DoD.
  • Strong and effective communication skills

Preferred Qualifications

  • Active DoD Secret clearance
  • CompTIA Security+ CE certification
  • Working knowledge of scripting languages for automation and customization.
  • Understanding of application performance concepts, VMware, Linux and Windows operating systems, and network infrastructure concepts.
  • Working knowledge of Elastic Stack solutions
  • Hands-on Linux system administration

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.


This position will be posted for a minimum of 3 business days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed.


COLSA offers a comprehensive and customizable benefits program which includes Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, Accidental Death & Dismemberment, Supplemental Income Protection Programs, 401(k) with company match, Flexible Spending Accounts, Employee Assistance Program, Education & Certification Reimbursement, Employee Discount Program, Wellness Program, Paid Time Off and Holidays.

