Accenture

Elastic SIEM Engineer

Accenture, San Antonio, TX


At Accenture Federal Services, nothing matters more than helping the US federal government make the nation stronger and safer and life better for people. Our 13,000+ people are united in a shared purpose to pursue the limitless potential of technology and ingenuity for clients across defense, national security, public safety, civilian, and military health organizations.

Join Accenture Federal Services to do the work you love in an inclusive, collaborative, and caring community, where you can be empowered to grow, learn and thrive through hands-on experience, certifications, industry training and more.

Join us to drive positive, lasting change that moves missions and the government forward!

We are:

Accenture Federal Services, providing a tailored strategy to address the many cybersecurity challenges faced by customers in today's ever-changing business and industry landscape. Our team delivers a holistic approach to cybersecurity assessment, monitoring, investigation, and response. Whether we're defending against identified threat actors, detecting and responding to the unknown, or running an entire security operations center, we build cyber resilience so our clients can grow with confidence in their security.

You are:

A Cyber Security professional and enthusiast who is seeking opportunities to evolve his/her craft by understanding the latest cyber threats and helping clients identify intrusions in their respective environments. To do this effectively, you leverage cutting-edge Security Information and Event Management (SIEM) data analytics, as well as network/endpoint detection and response technologies, to investigate any malicious activity in customers' on-prem and cloud environments.

The work:
  • Conduct daily O&M on Elastic SIEM solution including, but not limited to:
    • Test data flows, troubleshoot issues, and monitor the health of the solution and servers to maximize performance and minimize downtime
    • Identify and resolve gaps in logging and alerting
    • Work closely with OS patching teams to ensure seamless patching of OS, to include components which Elastic SIEM is heavily reliant upon
    • Maintain Elastic SIEM at the latest stable, supported versions of the application
    • Work with vendor management teams to ensure licenses are maintained
    • Interface with Elastic support to resolve issues when needed
  • Work with the team to design, document, build, secure, and maintain Elasticsearch, Logstash, Kibana (ELK Stack) Enterprise solutions deployed in the cloud (AWS, OCI, Azure and/or GCP) to support both non-production and production environments
  • Work closely with architects, engineers, and integrators to assess customer requirements and to design and support an ELK Stack solution to ensure compliance with dashboard data requirements
  • Follow life cycle processes to move solutions from Dev to Test to Pre-Staging to Production
  • Configure and maintain Linux based Operating system files in support of the Elasticsearch products (yum updates and product version upgrades)
  • Document the installation and configuration for deployment into production
  • Secure the solution through familiarity with TLS, certificates, SSO/PIV authentication, and encryption technologies
  • Develop and apply quantitative and qualitative analytic methods to identify, collect, process and analyze large data sets for specified purposes
  • Work with the data lifecycle management
  • Participate in and contribute to new and ongoing project stand-up sessions to track progress and ensure development of solutions is in compliance with CMPS security posture and customer requirements
  • Serve as a trusted advisor, providing subject matter expertise, guidance, and best practice recommendations


Here's What You Need:
  • Required: 1+ year(s) of Elastic experience (Elasticsearch, Logstash, Beats, Kibana)
  • experience in production
  • 3+ years of Linux, CentOS and/or Red Hat Enterprise Linux (RHEL) experience
  • 2+ years hands-on experience with AWS environments and/or Azure and/or Oracle Cloud Infrastructure
  • Proficiency and knowledge of Elasticsearch's cross-cluster search (CCS) feature
  • Experience with data ingest, Extract, Transform, and Load (ETL) techniques, preferably Logstash and Beats
  • Experience with multi-node clustering, architecture, development, implementation, and health monitoring of the indexes
  • Knowledge of hot/warm/cold data/index lifecycle management implementations
  • Knowledge of Elasticsearch Management, reindexing and data mappings, JSON and KQL searching syntax, and Kibana dashboard options
  • Experience with automated configuration management tools and playbooks (Ansible, Chef, Puppet, SaltStack) and (Docker) containers, and GitHub
  • Experience with NoSQL solutions: Lucene or SIEM (e.g. Splunk)
  • Experience working in DevOps structured and Agile organizations
  • Experience with other Operating Systems like Windows Server
  • Excellent communication and relationship skills to articulate advanced technical topics and build consensus among stakeholders


Bonus Points if you have:
  • Bachelor's Degree in relevant field
  • Experience with CDM tools and agencies, including CDM tools and the role they play in government environments
  • Experience with leading the execution of FISMA related programs across large and complex multi-agency environments
  • Experience supporting large Federal programs ($200M+)
  • Experience and proficiency working within the Software Development Life Cycle and working knowledge of various methodologies/frameworks such as SAFe Agile


As required by local law, Accenture Federal Services provides reasonable ranges of compensation for hired roles based on labor costs in the states of California, Colorado, Hawaii, Maryland, New York, Washington, and the District of Columbia. The base pay range for this position in these locations is shown below. Compensation for roles at Accenture Federal Services varies depending on a wide array of factors, including but not limited to office location, role, skill set and level of experience. Accenture Federal Services offers a wide variety of benefits. You can find more information on benefits here. We accept applications on an on-going basis and there is no fixed deadline to apply.

The pay range for the states of California, Colorado, Hawaii, Maryland, New York, Washington, and the District of Columbia is:

$98,500-$184,900 USD

What We Believe

We have an unwavering commitment to diversity with the aim that every one of our people has a full sense of belonging within our organization. As a business imperative, every person at Accenture Federal Services has the responsibility to create and sustain an inclusive environment.

Inclusion and diversity are fundamental to our culture and core values. Our rich diversity makes us more innovative and more creative, which helps us better serve our clients and our communities.

Equal Employment Opportunity Statement

Accenture Federal Services is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.

All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Accenture is committed to providing veteran employment opportunities to our service men and women.

For details, view a copy of the Accenture Equal Opportunity and Affirmative Action Policy Statement.

Los Angeles County Information Only

If you live in or expect to work from Los Angeles County if hired for this position, please review below for important additional information.

Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed in the job posting, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, meet client expectations, standards, and accompanying requirements, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Los Angeles Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Requesting An Accommodation

Accenture Federal Services is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture Federal Services and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.

If you are being considered for employment opportunities with Accenture Federal Services and need an accommodation for a disability or religious observance during the interview process or for the job you are interviewing for, please speak with your recruiter.

Other Employment Statements

Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.

Candidates who are currently employed by a client of Accenture Federal Services or an affiliated Accenture business may not be eligible for consideration.

Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.