Serve as the primary technical authority for designing, building, and maintaining data ingestion pipelines supporting Elastic SIEM
Focus on creating scalable, resilient Logstash architectures
Develop advanced pipeline logic
Normalize, enrich, and transform security telemetry
Ensure reliable delivery of high-fidelity data to Elasticsearch
Architect, build, and maintain Logstash pipelines to ingest and transform logs from diverse systems, including network devices, servers, cloud services, and security platforms
Implement parsing, grok patterns, JSON transformations, conditional routing, enrichment logic, and ECS mapping
Optimize pipeline performance, resiliency, and scalability (e.g., persistent queues, pipeline workers, memory tuning, load balancing)
Ensure all ingested data aligns to ECS (Elastic Common Schema) or internal schema requirements
Implement data enrichment workflows (GeoIP, threat intel lookups, metadata injection)
Validate data completeness, integrity, and fidelity across ingestion flows
Maintain and optimize Logstash clusters, including version management, scaling, tuning, and high-availability configurations
Manage integrations with Beats, Elastic Agent, Kafka, syslog endpoints, and custom data collectors
Monitor ingestion throughput, latency, and error rates; implement proactive alerting and troubleshooting processes
Create and maintain technical documentation, including pipeline diagrams, data flow maps, runbooks, and schema references
Establish enterprise standards for parsing, enrichment, normalization, and ingestion patterns
Support internal and external audits by documenting data handling flows and pipeline logic
Work closely with SIEM integration engineers to align pipelines with customer environments and logging requirements
Partner with detection engineering teams to ensure data supports analytic coverage and rule development
Collaborate with infrastructure and platform operations for deployment, scaling, and reliability engineering

Requirements

Must have 10, or more, years of general (full-time) work experience
Must have 5, or more, years of experience in log ingestion, data engineering, or SIEM pipeline development
Must have 2, or more, years of experience working in a management or leadership role, mentoring and guiding other team members
Must have a strong background in Elastic Stack components (Elasticsearch, Kibana, Beats, Elastic Agent)
Must have experience with data ingestion, processing, and enrichment techniques
Must have hands-on experience ingesting, processing, and normalizing diverse log types (Windows events, syslog, firewall logs, cloud telemetry, security tooling)
Must be proficient with Linux administration, system-level debugging, and CLI-based operations
Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP)
Must have an active DoD Secret Security Clearance
Must be able to obtain an active DoD Top Secret Security Clearance

Benefits

Health, dental, and vision insurance
Paid time off and holidays
Retirement benefits (including 401(k) matching)
Educational reimbursement
Parental leave
Employee stock purchase plan
Tax-saving options
Disability and life insurance
Pet insurance

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

data ingestionLogstashElasticsearchdata processingdata enrichmentpipeline developmentLinux administrationsystem-level debuggingJSON transformationsECS mapping

Soft skills

leadershipmentoringcollaborationtechnical documentationtroubleshooting

Certifications

DoD 8570.01-M IAT Level IICCNA-SecurityCySA+GICSPGSECSecurity+ CECNDSSCP