Migration Engineer
Fort Shafter, HI

Elastic Splunk Implementation & Migration Engineer


Our immediate priority is to assist, guide, and help architect the migration of GISA-PAC, GISA Europe and eventually GISA Liberty and INSCOM HQ off of Splunk with configuration and installation of the initial architecture.


This will include the following steps by Phase:


1. Phase 1 - Initiate

a. Define goals and objectives: Clearly define the goals and objectives for implementing Elastic SIEM. This may include migration off Splunk, improving security visibility, detecting and responding to threats, or meeting compliance requirements.

b. Discover and review Splunk environment: Identify current source types, sources, knowledge objects, dashboards, and searches that need to be migrated to the Elastic SIEM.


2. Phase 2 - Plan and design

a. Review discovery artifacts and design the migration off Splunk. This includes checkpoints, migration criteria, cutoff criteria, and architectural best practices.

b. Identify data sources: Identify all data sources that will be used by Elastic SIEM, including servers, applications, network devices, and security tools.


3. Phase 3 - Implement

a. Implement stack components consisting of 9 Elasticsearch nodes, 2 Kibana nodes, and 1 machine learning node.

b. Benchmark and tune: The cluster will be benchmarked, tested, and tuned to ensure proper configuration and performance under load.


4. Phase 4 - Deliver

a. Configure data collection: Configure the data collection process to ensure that all relevant data is being collected and forwarded to Elastic SIEM. This may involve configuring data ingestion pipelines, setting up Beats, or installing Elastic Agents on servers or devices.

b. Configure Elastic SIEM: Configure Elastic SIEM to meet the organization's specific needs and requirements. This may include defining and refining rules and alerts, creating custom dashboards, and configuring integrations with other security tools.

c. Test and validate: Test and validate the Elastic SIEM configuration to ensure that it is functioning properly and meeting the organization's goals and objectives.

d. Deploy and monitor: Deploy Elastic SIEM in the production environment and begin monitoring for security events and alerts. Regularly review and update the configuration as needed to ensure that it continues to meet the organization's needs.

e. Train staff: Train staff on how to use Elastic SIEM and respond to alerts and incidents. This may involve providing hands-on training or creating documentation and resources for ongoing reference.

This effort will also include project management: coordinating with GISA and the other vendors, reporting on progress and tasks, managing the architects on the Elastic side, and bringing in specialists as needed for specific tasks so they are completed more efficiently.



GISA Enterprise FTE Technology Support


Once the initial builds are deployed, assist in the operation and maintenance of the Elastic cluster. This consists of remote performance tuning, additional data onboarding, rule building, alert tuning, AI Assistant and Attack Discovery enablement, and other O&M tasks. The purpose is to offer all GISA sites reach-back sessions with an Elastic expert.

 

Other Duties as Assigned:


1. Provide Intelligence IT storage support, including planning, design, engineering, implementation, integration, maintenance, monitoring, troubleshooting, and correction for INSCOM GISA-W core IT services up to the TS/SCI level. This also includes providing storage support to existing NetApp hardware and software technologies and to future ones.


2. Provide Intelligence IT virtualization support, including planning, design, engineering, implementation, integration, maintenance, monitoring, troubleshooting, and correction for GISA-W core IT services up to the TS/SCI level. We will provide virtualization support to existing (VMware and Citrix VDI) and future technology implementations and ensure capability is functional with the DIA Next Generation Desktop Environment (NGDE) and future infrastructures. Our experienced personnel will ensure virtual infrastructure is maintained, patched, configured, and secured in accordance with IC and Army JWICS IT security standards and guidelines. We will ensure virtual infrastructure is monitored in accordance with IC and Army JWICS insider threat initiatives. We will also coordinate with external support as it pertains to GISA-W Intelligence IT virtualization components.

