COLSA is seeking a Senior Security Information and Event Management (SIEM) analyst to support the CIO G6 for the DEVCOM Aviation & Missile Center (AvMC) contract. Candidate should have extensive Linux system administration knowledge and a background in cybersecurity compliance monitoring tools such as Elastic, Splunk, etc.

Candidate will provide support and administration for transitioning current DoD Splunk environment to Elastic (ELK). Duties include but not limited to Linux platform administration, dashboard creation, and architecture enhancements needed in a dynamic environment. Candidate needs to possess understanding of evaluating, maintaining, and sustaining current SIEM related tools with possibility of other software evaluations. Candidate must have strong communication skills, work in a team environment to include mentoring more junior team members and understand both server backend and application frontend configurations.

Principal Duties and Responsibilities (*Essential functions)

• Administer, maintain, troubleshoot, and support an ElasticSearch environment on RHEL (Red Hat Enterprise Linux) servers on-premises. *

• Tune and optimize systems and data sources to better align with the organization’s strategic Integrated Operating Center goals. *

• Ensure the Elasticsearch configurations continue to run under optimal conditions. *

• Develop dashboards and applications with custom JavaScript, HTML and CSS features to fulfill dynamic organizational requirements with visual metrics for stakeholders. *

• Onboard new data sources, parse, and extract relevant data while also monitoring license usage. *

• Create data retention policies and perform index administration, maintenance, and optimization. *

• Complete/Maintain STIG configuration checklists of Elastic deployment to support Army and DoD requirements. *

• Configure Elastic infrastructure to utilize trusted DoD certificates for all communication.

• Develop customized Elasticsearch queries, filters, and visualizations to meet customer requirements. *

• Work with AvMC CIO G6 teams to identify inefficiencies in current monitoring services, propose and implement changes to streamline alerts or automate remediations. *

  At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here (https://www.colsa.com/culture_benefits/) .

Required SkillsRequired Experience

• Bachelor’s degree in related field, or the equivalent experience.

• Minimum of 10 years' work-related experience.

• Working knowledge of Elasticsearch, Logstash, and Kibana (ELK Stack), including configuration, optimization, and troubleshooting.

• Active CompTIA Security+ CE certification

• Implementation of security best practices and ensure compliance with relevant regulations and standards (e.g., DISA STIGs) within the Elastic environment.

• Work related experience within DoD environment.

• Strong and effective communication skills

• Hands-on Linux system administration

• Active DoD Secret clearance; US Citizenship required

• Working knowledge of scripting languages for automation and customization.

  Preferred Qualifications

• Understanding of application performance concepts, VMware, Linux and Windows operating systems, and network infrastructure concepts.

• Working knowledge of ACAS vulnerability scanning and analysis

• CompTIA Linux+, Linux Professional Institute (LPIC), or RedHat certification preferred

• Elastic certification preferred

  Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.