ELK/Data Engineer

SMX is seeking a Data Analyst to design, develop, and implement data-driven solutions to enhance cybersecurity operations, leveraging data analytics, visualization, and observability techniques to improve threat detection, incident response, and security posture. This role requires designing and developing data pipelines and architectures to ingest, process, and analyze large datasets from various cybersecurity sources, as well as developing and implementing data visualization and dashboarding solutions to provide real-time insights and situational awareness to cybersecurity analysts and stakeholders.

The Data Analyst shall utilize the GISA Governance Board determined Security Information and Event Management (SIEM) solution, which as of January 2025 is transitioning from Splunk to a new architecture based on Elastic, Logstash, and Kibana (ELK), leveraging Cribl as a data broker to streamline and optimize data ingestion and processing. Additionally, the role involves implementing machine learning and anomaly detection models to identify potential security threats and improve incident response, developing and maintaining data quality and integrity, and collaborating with cybersecurity teams to integrate data-driven solutions with existing security tools and systems. The Data Analyst must stay up-to-date with emerging threats and trends in cybersecurity and data science, and apply this knowledge to improve the design and implementation of data-driven solutions, while ensuring compliance with relevant Department of Defense (DoD) and Intelligence Community (IC) standards, including the National Institute of Standards and Technology (NIST) Special Publication 800-53, DoD Instruction 8500.01, and Intelligence Community Directive (ICD) 503, as well as adherence to security regulations such as the Controlled Unclassified Information (CUI) program and other applicable laws, regulations, and policies governing the protection of national security information. The ultimate goal of this role is to provide data-driven insights and solutions that support the organization's cybersecurity mission, improve threat detection and incident response, and enhance overall cybersecurity posture in accordance with DoD and IC standards and regulations. This is a full-time onsite position.

Essential Duties & Responsibilities

• Vulnerability Management and Reporting:
  • Generate detailed automated reports on identified vulnerabilities, outlining their severity, potential impact, and recommended remediation steps.
  • Assess vulnerability assessment results and prioritize vulnerabilities based on their criticality, potential impact, and ease of exploitation.
  • Maintain accurate records of vulnerability assessments, reports, and remediation efforts for audit and compliance purposes.
• Remediation and Collaboration:
  • Work closely with IT teams to oversee the application of security patches and updates that address identified vulnerabilities.
  • Collaborate with incident response teams to address vulnerabilities that have been exploited or may be exploited during a security incident.
  • Collaborate with cross-functional teams, including regional support groups, to ensure the swift resolution of vulnerabilities.
• Threat Intelligence and Awareness:
  • Stay updated on the latest threat intelligence, new vulnerabilities, and mitigation strategies, particularly in DoD, Army, and IC environments.
  • Participate in security awareness programs to educate employees on vulnerability reporting and the use of automated reporting tools.
• Data Observability:
  • Design and develop data pipelines and architectures to ingest, process, and analyze large datasets from various cybersecurity sources, including network logs, system calls, and threat intelligence feeds.
  • Develop and implement data visualization and dashboarding solutions to provide real-time insights and situational awareness to cybersecurity analysts and stakeholders.
  • Collaborate with cybersecurity teams to integrate data-driven solutions with existing security tools and systems, including SIEMs, IDS/IPS, and threat intelligence platforms.
• Compliance and Standards:
  • Ensure compliance with DoD, Army, and IC regulations, task orders, bulletins, and standards related to vulnerability management.
  • Clearly convey findings and recommendations to both technical and non-technical stakeholders, including management.

Required Skills, Experience & Education

• Active Top Secret (TS) security clearance with eligibility for SCI and NATO read-on before starting work. •
• Meet DoD 8140 / 8570.01-M requirements for a privileged user on a TS/SCI information system before commencing work.
• CISSP, CISM, or equivalent certification.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field OR 10+ Years experience with Enterprise SIEM Data Observability and Reporting (Splunk/Elastic)
• Technical Skills:
  • Thorough understanding of cybersecurity principles, best practices, and emerging threats.
  • Proficiency in vulnerability scanning and cybersecurity tools, including Tenable.
  • Security Information and Event Management (SIEM) systems: Splunk, Elastic, Logstash, Kibana (ELK)
  • Data broker technologies: Cribl, Confluent
  • Operating Systems Security Events: Windows, Linux
  • Networking protocols: TCP/IP, DNS, DHCP, HTTP/HTTPS
  • Cybersecurity tools and technologies: IDS/IPS, firewalls, host based security, threat intelligence platforms, vulnerability management tools
• Technical Expertise: Advanced knowledge of Security Incident and Event Management (SIEM) tools, vulnerability management, compliance, and cybersecurity principles.
• Analytical Thinking: Strong problem-solving skills to assess vulnerability risks and recommend effective remediation strategies.
• Communication: Ability to convey technical findings clearly and succinctly to both technical and non-technical audiences.
• Collaboration: Adept at collaborating with IT, security, and cross-functional teams to ensure timely and effective vulnerability remediation.
• Attention to Detail: Meticulous in documenting and reporting vulnerabilities, ensuring compliance and audit readiness.
• Regulatory Knowledge: Knowledge of DoD, Army, and IC regulations, standards, and compliance requirements.
• Adaptability: Keeps current with evolving threats, vulnerabilities, and cybersecurity mitigation techniques.

Desired Skills/Experience

• Advanced certifications such as Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), and GIAC Vulnerability Assessment Professional (GVAP).
• Experience in a DoD, Army, or Intelligence Community environment with a focus on vulnerability management.
• Familiarity with automation tools and scripting languages (such as Python and PowerShell) to improve vulnerability reporting processes.

Application Deadline: July 14, 2025

#CJPOST

#LI-onsite