Leidos is seeking a Security Engineer ArcSight/ELK to join its ACE-IT team.
Locations: Strongly prefer Vicksburg, MS or Hillsboro, OR, but may have flexibility to be located in
New York, NY, Hanover, NH, Philadelphia, PA, Washington D.C., Atlanta, GA, Los Angeles, CA or Fort Worth, TX.
Telework is available.
The Security Engineer will be primarily responsible for daily O&M of the CorpsNET Arcsight infrastructure which includes loggers, connectors and ESMs, CorpsNET testbed/pilot of new SIEM technologies and content management in the ESM console
Serve as a Security Engineer for USACE and ACE-IT for all things related to the SIEM platforms for both CorpsNet and the Joint Regional Security Stack (JRSS).
The successful candidate will possess experience in ArcSight, the primary SIEM platform, and familiarity with ELK ( Elasticsearch, Logstash, and Kibana)
• Solid understanding of systems management, networking, and multiple security technologies and concepts
• Strong understanding of SIEM deployment use cases and methodology
• Problem solving and troubleshooting skills to independently resolve complex communication and systems issues
• Ability to work in a Linux shell to perform upgrades and installations and to troubleshoot problems with the OS and installed application stacks
Ability to install, configure and operate Logger appliances, ArcMC, Connectors and ESM
Linux experience to administer systems for Connectors and ESM
Configuration from within ESM console
Experience with content development in ESM console
• ELK- Administer Elastic Search infrastructure, Integrate Elastic Stack in an environment with multiple data sources and third party applications
• General Firewall concepts
Education & Experience:
Typically requires Bachelor's Degree in Science, Technology, Engineering or Math and 4 to 8 years of prior relevant experience or Master's Degree with 2 to 6 years of prior relevant experience. Will accept 4 years of direct relevant experience in lieu of Degree requirement.
Must have a Secret Clearance and be able to obtain a Top Secret/SCI
Certifications and Skills:
Must have at least one of: CISSP (or Associate), CASP+ CE, CCNP Security, CISA, GCED, or GCIH. Must have ArcSight/SIEM/Linux or Computing Environment related cert.