Sr. SIEM Engineer
β - Featured Role | Apply direct with Data Freelance Hub
This role is for a Sr. SIEM Engineer with a contract length starting ASAP through 4/30/27, offering a pay rate of "X". Location is Fort Belvoir, requiring U.S. citizenship, Secret clearance, and DoD IAT Level II certification. Key skills include Elastic Stack and SOAR expertise.
π - Country
United States
π± - Currency
Unknown
-
π° - Day rate
-
ποΈ - Date discovered
September 14, 2025
π - Project duration
More than 6 months
-
ποΈ - Location type
On-site
-
π - Contract type
Unknown
-
π - Security clearance
Yes
-
π - Location detailed
Fort Belvoir, VA 22060
-
π§ - Skills detailed
#Elasticsearch #Compliance #REST (Representational State Transfer) #Automation #Security #Data Management #API (Application Programming Interface) #GCP (Google Cloud Platform) #Cloud #Ansible #Data Normalization #"ETL (Extract #Transform #Load)" #SAML (Security Assertion Markup Language) #Azure #Monitoring #Linux #Elastic Stack #LDAP (Lightweight Directory Access Protocol) #Python #Deployment #Normalization #Scala #AWS (Amazon Web Services) #Indexing #Bash #Data Mapping #Logging #ML (Machine Learning) #Data Pipeline #REST API #Logstash #SaaS (Software as a Service) #Visualization
Role description
β’
β’
β’ United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract. Main Sail is seeking a Sr. SIEM Engineer specializing in Elastic Stack and Confluent in support of the PEO Enterprise SIEM Consolidation / Cyber Defense effort. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation. Responsibilities:
Design, deploy, configure, and maintain Elastic stack and Confluent deployments.
Manage, patch, and upgrade Elasticsearch, Confluent, and other related systems.
Tune and optimize Elastic stack deployments based on application/customer needs.
Design and configure ETL data pipelines to ingest customer defined data sets such as application logs, metrics, and or threat events.
Create custom visualizations and dashboards using Kibana.
Configure and maintain index templates and information lifecycle management (ILM) policies.
Develop Elastic alerting solutions using Watcher and/or Kibana Rules and Connectors with integrations to ticketing systems, email, and messaging apps as required.
Develop Machine Learning (ML) jobs to dynamically monitor and alert on identified metrics, KPIs, and/or data anomalies.
Follow ITIL based change management processes to move solutions from Dev to Test and into Production.
Run the day-to-day operations of the security operations center.
Investigate incidents and lead response efforts as applicable.
Required Skills:
A Secret clearance will be required to maintain this position.
Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date.
At least 5 years of hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use-cases. Specific experience with Elastic SIEM is plus.
Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration.
Experience integrating Elasticsearch with external systems (e.g. SOAR tools, Threat Client Platforms).
Experience with data management: hot/warm/cold architectures, shard allocation/re-allocation, snapshots & restoration.
Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration.
Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI.
Experience with supporting the Elastic Stack in on-prem and SaaS environments including system monitoring and tuning.
Experience securing the Elastic stack and hardening hosting environments.
Experience with the design and implement of highly scalable solutions using the Elastic Stack.
Experience in developing data structures, data mapping from various sources to achieve data normalization using Elastic Common Schema.
Experience developing Logstash and/or Elastic Ingest Pipelines.
Experience developing custom visualizations and dashboards using Kibana, including creating specialized reporting solutions through Elasticsearch and Kibana APIs to meet complex stakeholder requirements.
Experience in end-to-end Low-level design, development, administration, and delivery of Elasticsearch based reporting solutions.
Strong technical foundation in building reliable, scalable, and supportable systems.
Experienced in Red Hat Enterprise Linux deployment and administration.
Desired Skills:
Experience using and developing Ansible playbooks for automation of system deployment and/or configuration.
Experience with developing in multiple languages (Python, Bash, PowerShell, Painless, etc.).
Understanding of the MITRE Telecommunication & CK framework.
Certified Elastic Engineer or willingness to gain certification within 90 days of hire.
Experience with cloud environments (e.g., Azure, AWS, GCP, etc.) and cloud security architecture.
Experience condensing large environments to a single pane of glass view to facilitate optimal operational efficiency.
Experience leading incident response and forensic investigative initiatives.
Demonstrated ability to create and present executive level briefings.
Experience with Army policies, regulations, and processes preferred.
Location: Fort Belvoir, 4-5 days per week on-site/local only Period: ASAP with additional option years through 4/30/27 likely.
β’
β’
β’ United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract.
β’
β’
β’ United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract. Main Sail is seeking a Sr. SIEM Engineer specializing in Elastic Stack and Confluent in support of the PEO Enterprise SIEM Consolidation / Cyber Defense effort. This effort is focused on the consolidation of PEO Enterprise multiple SIEM solutions (approx. 40) into one consolidated SIEM. This individual should have extensive experience with Security Information and Event Management (SIEM) deployment and tuning as well as Security Orchestration Automation and Response (SOAR) development and implementation. Responsibilities:
Design, deploy, configure, and maintain Elastic stack and Confluent deployments.
Manage, patch, and upgrade Elasticsearch, Confluent, and other related systems.
Tune and optimize Elastic stack deployments based on application/customer needs.
Design and configure ETL data pipelines to ingest customer defined data sets such as application logs, metrics, and or threat events.
Create custom visualizations and dashboards using Kibana.
Configure and maintain index templates and information lifecycle management (ILM) policies.
Develop Elastic alerting solutions using Watcher and/or Kibana Rules and Connectors with integrations to ticketing systems, email, and messaging apps as required.
Develop Machine Learning (ML) jobs to dynamically monitor and alert on identified metrics, KPIs, and/or data anomalies.
Follow ITIL based change management processes to move solutions from Dev to Test and into Production.
Run the day-to-day operations of the security operations center.
Investigate incidents and lead response efforts as applicable.
Required Skills:
A Secret clearance will be required to maintain this position.
Compliance with DoD 8140 / 8570 IAT Level II certification prior to start date.
At least 5 years of hands-on experience in deployment, configuration, and solution development using the Elastic Stack for security and logging use-cases. Specific experience with Elastic SIEM is plus.
Demonstrated experience with the full Elastic Stack - Elasticsearch, Logstash, Kibana, Beats, Machine Learning, and REST API integration.
Experience integrating Elasticsearch with external systems (e.g. SOAR tools, Threat Client Platforms).
Experience with data management: hot/warm/cold architectures, shard allocation/re-allocation, snapshots & restoration.
Strong experience with evaluating existing Elastic clusters, configuration parameters, indexing, search and query performance tuning, security, and cluster administration.
Experience integrating Elasticsearch with alternate authentication mechanisms such as SAML, LDAP, and PKI.
Experience with supporting the Elastic Stack in on-prem and SaaS environments including system monitoring and tuning.
Experience securing the Elastic stack and hardening hosting environments.
Experience with the design and implement of highly scalable solutions using the Elastic Stack.
Experience in developing data structures, data mapping from various sources to achieve data normalization using Elastic Common Schema.
Experience developing Logstash and/or Elastic Ingest Pipelines.
Experience developing custom visualizations and dashboards using Kibana, including creating specialized reporting solutions through Elasticsearch and Kibana APIs to meet complex stakeholder requirements.
Experience in end-to-end Low-level design, development, administration, and delivery of Elasticsearch based reporting solutions.
Strong technical foundation in building reliable, scalable, and supportable systems.
Experienced in Red Hat Enterprise Linux deployment and administration.
Desired Skills:
Experience using and developing Ansible playbooks for automation of system deployment and/or configuration.
Experience with developing in multiple languages (Python, Bash, PowerShell, Painless, etc.).
Understanding of the MITRE Telecommunication & CK framework.
Certified Elastic Engineer or willingness to gain certification within 90 days of hire.
Experience with cloud environments (e.g., Azure, AWS, GCP, etc.) and cloud security architecture.
Experience condensing large environments to a single pane of glass view to facilitate optimal operational efficiency.
Experience leading incident response and forensic investigative initiatives.
Demonstrated ability to create and present executive level briefings.
Experience with Army policies, regulations, and processes preferred.
Location: Fort Belvoir, 4-5 days per week on-site/local only Period: ASAP with additional option years through 4/30/27 likely.
β’
β’
β’ United States Citizenship (no dual citizenship) required per government contract. An Active DoD eligibility with favorable determination is required per government contract.
