SIEM Platform Engineer
$77,600–$176,000 per year
Hybrid · Arlington, Virginia, United States
Job Summary
SIEM Platform Engineer responsible for building a high-performing system using Elastic to aggregate logs into a single schema. Responsibilities include designing data pipelines for security operations, enabling threat hunting through quality visualizations and alerts, maintaining infrastructure, and working with vendors on deployment and maintenance within designated security requirements. Must have hands-on experience with Elastic Stack (ELK), log collection/enrichment/routing, and familiarity with ILM. Security clearance (TS/SCI) is required. Bonus experience with stream processing or data brokering (Cribl, Kafka), Docker/Kubernetes, DevSecOps CI/CD in IL5-IL7 environments, and scripting (Python).
Required Qualifications
- 1+ years of experience with SIEM platforms (e.g., Splunk Enterprise Security, Elastic Security, Kibana, Sentinel, Chronicle)
- Experience designing data pipeline architectures for security operations (log collection, normalization, enrichment, routing)
- Experience with Elastic Stack components (Logstash, Elasticsearch, Kibana, Beats) including installation, configuration, maintenance, upgrades, troubleshooting
- Knowledge of EDR/NDR or full-packet capture solutions (e.g., CrowdStrike, Corelight, Trellix)
- Knowledge of deploying platforms across cloud, on-premises, and disconnected environments using Kubernetes or OpenShift
- Knowledge of Elastic ILM (Index Lifecycle Management)
- TS/SCI clearance required
- HS diploma or GED