Elastic Siem Administrator - Wiesbaden, Deutschland - SOSi

SOSi

Geprüftes Unternehmen

Wiesbaden, Deutschland

vor 2 Wochen

Geschrieben von:

Lena Wagner

beBee Recruiter

Beschreibung

Overview

SOS International LLC (SOSi) is seeking a highly qualified Elastic SIEM Administrator to support our customer in Weisbaden Germany.

Responsibilities:

Responsible for administering the ElasticStack cluster, which includes pipeline services, to maintain and develop its future capabilities.
Responsible for developing and maintaining documentation related to the ElasticStack cluster covering how the system operates, how data sets are built, and how services are provided.
Operate and maintain a multisite Elastic clusters on various network enclaves.
Administer Confluent Kafka and associated Logstash pipelines.
Build configurations and filters for Elastic Beats and Agent collection architecture.
Assist aspects of Defensive Cyber Operations in performing analytical development.

Qualifications:

An active in scope Top Secret clearance is required.
Bachelor in related discipline +5, AS +7, major certification +7 or 11+ years specialized experience
Minimum of four (4) years' experience with the following:
Any major SIEM (ArcSight ESM, Splunk, Elastic, Microsoft Sentinel, McAfee ESM, etc.).
Writing and maintaining custom parsers and normalizing disparate data sets.
Strong understanding of Data Models and SIEM standardized compliance.
Writing and troubleshooting complex REGEX.
Organizing and orchestrating data set migrations with impacted users.
Providing advanced SIEM query language support to various content owners.
Have knowledge of SAML authentication.
Creating and maintaining administrative dashboards.
An IAT III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH) or higher is required.
Obtain an Elastic Certified Engineer certification within 180 days of start.
Must be able to obtain certification as a Technical Expert by the German Government under the Technical Expert Status Accreditation (TESA) process

Preferred Qualifications

Active Top Secret/SCI security clearance
Be an Elastic Certified Engineer, Elastic Certified Observability Engineer, or Elastic Certified Analyst.
Have experience supporting multisite architectures.
Have experience with Confluent Kafka.
Have previous corporate experience with Splunk or ArcSight.
Have experience with Elastic Agent.
Have extensive knowledge of Lucene language.
Have experience with VScode.
Have experience with Git, GitLab, Azure DevOps, GitHub, or other project configuration management.

Working Conditions

Working conditions are normal for an office environment.
On site in Wiesbaden, Germany
Fast paced, deadlineoriented environment.
May require periods of nontraditional working hours including consecutive nights or weekends (if applicable)

SOSi is an equal employment opportunity employer and affirmative action employer.

All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status.

SOSi takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.