EverWatch

ElasticSearch Engineer

Job Locations US-MD-Annapolis Junction
Posted Date 1 week ago(12/17/2024 6:04 PM)
ID
2024-3023
# of Openings
4
Category
Software Engineering

Job Title

ElasticSearch Engineer

Overview

EverWatch is a government solutions company providing advanced defense, intelligence, and deployed support to our country’s most critical missions.  We are a full-service government solutions company. Harnessing the most advanced technology and solutions, we strengthen defenses and control environments to preserve continuity and ensure mission success.

 

EverWatch is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age (40 or older), disability, genetic information, citizenship or immigration status, and veteran status or any other factor prohibited by applicable law.

EverWatch employees are focused on tackling the most difficult challenges of the US Government. We offer the best salaries and benefits packages in our industry - to identify and retain the top talent in support of our critical mission objectives. 

Responsibilities

EverWatch is pioneering the roll out of zero-trust infrastructure, called Thunderdome, across DoD federal agencies. This will be an excellent opportunity for you to gain practical, hands-on experience with this hot new cybersecurity framework that is sweeping the industry, making you a valuable asset to any team you want to work with going forward. Having zero trust technologies on your resume will be a game changer for your overall career, giving you so much flexibility in the future, as well as much higher earning potential in a shorter period of time.

 

Work with clients and peers to build a high performing system using Elastic to aggregate logs from many systems into a single common schema. Use Elastic Common Schema (ECS) formatted fields, create quality visualizations and alerts that analyst can use for threat hunting, maintain infrastructure, and identify problems or anomalous behavior before they become a larger issue and can be actioned on. Work with the vendor to determine best practices for deployment and maintenance of system architecture and deploy within designated security requirements. 

Qualifications

Basic Qualifications:

  • 2+ years of experience with Elastic Stack, Logstash, Elasticsearch, Kibana, and Beats, including installing, configuring, maintaining, upgrading, and troubleshooting these products
  • 2+ years of experience building high-quality Kibana visualizations and dashboards
  • Experience with log pipelines and interpreting logs to determine information, including converting raw logs into ECS formatted documents
  • Experience with Logstash plugins, filters, regular expressions, and grok patterns
  • Knowledge of cryptography protocols and standards, including TLS, mTLS, hashing algorithms, and Public Key Infrastructure (PKI)
  • Knowledge of federal compliance standards, including NIST 800-53, FIPS, STIG, and FedRAMP
  • Secret clearance
  • HS diploma or GED

 

Additional Qualifications:

  • Experience working with Docker, Kubernetes, and cloud containerization solutions, such as Elastic Cloud on Kubernetes (ECK)
  • Experience with Office 365 applications and Teams collaboration
  • Experience interacting with tools through RDP, web-based UI, SSH, and CLI
  • Experience with McAfee and Tenable
  • Experience with NiFi, Kafka, and Confluent
  • Knowledge of Elastic Index Lifecycle Management (ILM)
  • Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic OS issues
  • Knowledge of networking protocols
  • Ability to understand how various systems interact with each other

 

Clearance Level

Secret

Job Locations

US-MD-Annapolis Junction

Skills

Docker, Kubernetes, AWS, Azure, Linux, Elasticsearch, Elastic Stack, Logstash, Kibana, Beats

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed