Elastic Detection SME
- Expired: January 28, 2023. Applications are no longer accepted.
Elastic Detection Subject Matter Expert
Remote US
TS SCI
As an Elastic Detection SME, you will work closely with architects, engineers, and integrators to assess customer requirements and data-source ingestion, and to advise on what is required to successfully build out detection logic and perform threat-hunting missions.
Position Requirements and Duties
- Serve as an SME, providing guidance and best-practice recommendations on data ingestion.
- Use network- and host-based data to drive detection, monitoring, and response capabilities.
- Create detection analytics based on the MITRE ATT&CK Framework and other security frameworks.
- Perform unique research on adversarial Tools, Techniques, and Procedures (TTPs).
Qualifications
- Requires Bachelor’s degree or equivalent in the fields of computer science, computer engineering, or any related field and 7 years of related experience.
- At least three years of experience with engineering and administrating the Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) in production at scale (multi-node clusters, hot/warm/cold architectures, index lifecycle management, snapshots, etc.).
- Experience with Threat Hunting and detection engineering.
- At least three years of experience with data lifecycle management, to include common ETL (Extract, Transform, Load) techniques, preferably with Logstash and Beats.
- DoD Directive 8570 IAT Level II or higher certification.
Desired Skills
- Experience planning and integrating data schemas and KQL / Lucene query syntax.
- Experience developing custom visualizations (preferably in Kibana) to convey business analytics of value to customers.
- Experience with automated configuration management tools (Ansible, Chef, Puppet, SaltStack) and containers/orchestration (Docker, Kubernetes), and version control systems (GitHub, GitLab).
- Experience with cloud infrastructure, preferably Amazon Web Services (AWS).
- Experience with implementation of and challenges with message queue technologies, such as Apache or Confluent Kafka, RabbitMQ, SQS, etc.
- Proficiency with programming and scripting concepts, preferably in Python, for custom development and integrations.
- Strong networking background with analytical and problem-solving/troubleshooting skills to effectively resolve problems both in development and production.
- Experience working in DevOps structured and Agile organizations.
- Experience with Kubernetes, specifically ECK (Elastic Cloud on Kubernetes), is a plus.
- Familiarity with MITRE ATT&CK framework is a plus.
Certifications
- 8570 IAT Level II
Company Overview
Adapt Forward is a cybersecurity solutions provider for some of the nation’s most valuable information systems. Leveraging advanced threat assessment technology and experience in building high-level information security infrastructure, we develop adaptive solutions uniquely tailored to our customers’ business objectives to protect sensitive data against sophisticated threats in an increasingly complex security environment.
Summary of Benefits
- Comprehensive Physical Wellness Package, including Medical, Dental, Vision Care, plus Flexible Spending Accounts for health- and dependent-care are included in our standard benefits plan.
- 401k Retirement Plan with Matching Contribution is immediately available and vested.
- Annual Training Budget to be used for conference attendance, school enrollment, certification programs, and associated travel expenses.
- Eleven Federal Holidays, plus three weeks of PTO/vacation/sick leave that accrues at a rate of ten hours per month.
- Employee Assistance Program: Counseling/legal assistance and other employee well-being programs are also offered.
Equal Opportunity Employment
Adapt Forward is an equal opportunity employer that values diversity in the workplace and does not discriminate or allow discrimination on the basis of race, religion, age, gender, sexuality, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. Adapt Forward promotes affirmative action for minorities, women, disabled persons, and veterans.
Adapt Forward
Address
Honolulu, HI