Sr. SIEM Engineer (Elastic + Confluent)

Position Title: Sr. SIEM Engineer (Elastic + Confluent) Location: Fort Belvoir, VA (100% Onsite) Clearance Requirements: Active Secret Clearance Position Status: Contract to Hire Position Description: We are seeking an experienced Sr. SIEM Engineer with deep expertise in the Elastic Stack (ELK) and Confluent to support a large-scale SIEM consolidation and cyber defense initiative. This role will focus on integrating and optimizing multiple existing SIEM solutions into a unified enterprise platform to enhance visibility, automation, and cyber resilience across the organization. The ideal candidate brings a proven track record in Elastic Stack deployment, tuning, and scaling, along with hands-on experience in SOAR development, ETL pipelines, and data analytics for security operations. Key Responsibilities • Design, deploy, configure, and maintain Elastic Stack and Confluent solutions in enterprise environments. • Manage upgrades, patching, and optimization of Elasticsearch, Logstash, Kibana, and Beats components. • Develop and configure ETL data pipelines for ingesting logs, metrics, and threat data from diverse sources. • Create advanced Kibana dashboards and custom visualizations for real-time monitoring and reporting. • Implement and maintain index templates, ILM policies, and Elastic alerting solutions using Watcher or Kibana Rules. • Integrate alerting with ticketing systems, messaging platforms, and SOAR tools. • Develop Machine Learning jobs within Elastic to identify anomalies and support proactive threat detection. • Apply ITIL-based change management processes for solution lifecycle management (Dev → Test → Prod). • Support day-to-day Security Operations Center (SOC) activities, including incident investigation and response. Required Skills & Qualifications • Active Secret Clearance (required to maintain this position). • DoD 8140 / 8570 IAT Level II certification (must be obtained prior to start). • 5+ years of hands-on experience designing, deploying, and managing the Elastic Stack for SIEM or security analytics use cases. • Strong understanding of Elasticsearch architecture, indexing, query performance tuning, and cluster administration. • Experience with data lifecycle management, snapshots/restoration, and security hardening. • Demonstrated experience integrating Elastic Stack with SOAR platforms, Threat Intel feeds, and external authentication (SAML, LDAP, PKI). • Skilled in Red Hat Enterprise Linux (RHEL) administration and deployment. • Experience developing Logstash or Elastic ingest pipelines and custom Kibana dashboards. • Proficiency with REST API integration and Elastic Common Schema (ECS) data modeling. Desired Skills • Experience with Ansible automation for deployment and configuration management. • Scripting or programming experience in Python, Bash, PowerShell, or Painless. • Familiarity with the MITRE ATT&CK framework. • Elastic Certified Engineer or willingness to obtain certification within 90 days of hire. • Experience in cloud security architecture (AWS, Azure, or GCP). • Proven ability to consolidate complex SIEM environments into a single pane of glass. • Experience leading incident response or forensic investigations. • Familiarity with Army or DoD cybersecurity policies and processes. About Seneca Resources At Seneca Resources, we are more than just a staffing and consulting firm — we’re a trusted career partner. With offices across the U.S. and clients ranging from Fortune 500 companies to federal agencies, we connect talented professionals with meaningful, impactful work. When you join Seneca, you’ll experience: • A supportive team that invests in your success. • Competitive pay and benefits including health, dental, and vision insurance, 401(k), and more. • Career opportunities that align with your professional goals. We celebrate diversity and are committed to fostering an inclusive environment where all qualified individuals are encouraged to apply.