Booz Allen Hamilton is seeking a Security Engineer to protect the organization’s data, networks, and IT infrastructure from cyber-attacks. The role involves designing secure architectures, conducting penetration tests, and managing cybersecurity controls to ensure the integrity and security of company data.
Responsibilities:
- Design and deploy firewalls, intrusion detection systems or intrusion prevention systems (IDS/IPS), and encryption protocols
- Conduct regular penetration tests and security audits to identify and patch system weaknesses
- Perform Identity and Access Management (IAM), including implementing policies to ensure only authorized users can access sensitive company data
- Lead or assist in the technical response to security breaches, including digital forensics and damage mitigation
- Create and enforce company-wide security standards such as password management and data classification
- Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management
- Manage infrastructure and cybersecurity controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises
- Lead risk and vulnerability assessments in network, system, and application areas
- Leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise
Requirements:
- 6+ years of experience administering Elastic Stack, including Elasticsearch, Kibana, Logstash, Beats, or Fleet
- Experience managing Elasticsearch index lifecycle policies, index templates, and data streams at scale, and building Kibana dashboards, visualizations, and lens-based analytics for security operations
- Experience with Elastic Security detection rules, alerts, and case management workflows
- Experience with log ingestion pipeline design, including parsing, enrichment, and normalization across heterogeneous log sources such as network, endpoint, identity, and cloud
- Experience with Elastic Common Schema (ECS) and mapping non-standard log sources into ECS-compliant fields
- Experience with ES|QL or EQL for advanced threat hunting and detection-as-code workflows
- Experience working in a DoD, IC, or federal cybersecurity environment such as SOC, SIEM operations, or defensive cyber
- Secret clearance
- HS diploma or GED
- Experience building SOAR-related automation around Elastic, including webhook actions, connector integrations, or n8n/XSOAR orchestration
- Experience with Elastic's transforms and runtime fields for creating enriched security datasets and risk scoring indices
- Experience with RAG architectures or vector search in Elasticsearch for security knowledge retrieval, including TTP lookup and incident context enrichment
- Experience with Elastic's ML jobs, including jobs for User and Entity Behavior Analytics (UEBA), rare process detection, or anomalous login patterns
- Experience with Elastic AI Assistant or integration of LLMs into Elastic Security workflows such as natural language querying and alert triage assistance
- Experience building or fine-tuning ML models outside Elastic using Python, scikit-learn, and PyTorch, for security use cases such as threat detection or lateral movement scoring
- Knowledge of AI/ML concepts applied to security analytics such as anomaly detection, behavioral baselining, or threat scoring
- TS/SCI clearance