Technogen, Inc.

AWS Security Data Platform Engineer

Technogen, Inc., Rockville, Maryland, US, 20849


Overview

Position: AWS Security Data Platform Engineer
Location: Remote, with quarterly visits to Rockville, MD.
Duration: 12-month initial contract (with 2 x 12-month renewal options).

Job Description

The client seeks an experienced contractor to architect, implement, and manage a comprehensive security data platform integrating AWS Security Lake, Cribl Stream, and AWS Security Hub.

Key Responsibilities

AWS Security Lake Management:
- Design and implement Security Lake custom sources for OCSF compliance
- Configure native AWS log sources (CloudTrail, VPC Flow Logs, GuardDuty, Config, Security Hub)
- Establish 30-month retention policies for OMB M-21-31 federal compliance
- Manage Security Lake subscribers and access controls
- Implement cross-account log aggregation across the Client's AWS Organization

Cribl Stream Platform Engineering:
- Deploy and manage Cribl Stream workers on AWS EKS
- Develop OCSF transformation pipelines for event normalization
- Implement intelligent data routing and cost optimization strategies
- Configure advanced data sampling and filtering for non-production environments
- Build custom parsers for Client-specific log sources and applications
- Manage the Cribl-to-Security Lake integration with schema validation

AWS Security Hub Integration:
- Configure Security Hub across all AWS accounts in the Client's organization
- Implement custom findings aggregation and correlation rules
- Integrate Security Hub with existing SIEM and ticketing systems
- Develop automated remediation workflows for common security findings

Multi-Tenant Architecture Design:
- Implement business unit separation (BHW, DCSP, HSB, DFI, PRF, DAPS, etc.)
- Design environment-based access controls (Production, Non-Production, Sandbox)
- Configure role-based access using AWS IAM Identity Center
- Establish data classification and handling procedures

OpenSearch Security Analytics:
- Configure ingestion pipelines from Security Lake
- Implement index lifecycle management and retention policies
- Build dashboards and alerting rules
- Optimize query performance and storage costs
- Integrate with the Client's existing SOC workflows

Required Technical Expertise
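The OCSF normalization and schema-validation work described in the Cribl Stream responsibilities above, as an added example. This is not code from the posting, from Cribl, or from AWS: a Cribl Stream pipeline would express the same mapping in a JavaScript Eval or Code function, but the logic is written here in Python so it runs stand-alone. It maps a CloudTrail record to an OCSF API Activity event (class_uid 6003), refuses to emit events that lack attributes the pipeline treats as required, and quarantines bad records rather than dropping them. The REQUIRED_FIELDS list, the verb-to-activity table, and the sample CloudTrail records are constructed for this example; a production pipeline would validate against the published OCSF schema instead.

```python
"""Map CloudTrail records to OCSF API Activity events with schema checks.

Added example, not code from the job posting, Cribl, or AWS. Field names
follow the OCSF API Activity class as the author understands it; the
required-field list and sample input below are constructed for this example.
"""
from datetime import datetime, timezone

# OCSF constants for the API Activity class (category 6, class 6003).
CATEGORY_UID = 6
CLASS_UID = 6003
ACTIVITY = {"Create": 1, "Read": 2, "Update": 3, "Delete": 4, "Other": 99}

# Attributes we refuse to emit without. Constructed for this example; a real
# pipeline would derive these from the published OCSF schema.
REQUIRED_FIELDS = ("class_uid", "category_uid", "activity_id", "type_uid",
                   "time", "severity_id", "metadata", "api", "actor", "cloud")


class SchemaError(ValueError):
    """Raised when a record cannot be mapped to a valid OCSF event."""


def activity_id_for(event_name: str) -> int:
    """Verb-prefix mapping of CloudTrail eventName; unknown verbs become Other."""
    prefixes = (("Create", ACTIVITY["Create"]), ("Put", ACTIVITY["Create"]),
                ("Run", ACTIVITY["Create"]), ("Get", ACTIVITY["Read"]),
                ("Describe", ACTIVITY["Read"]), ("List", ACTIVITY["Read"]),
                ("Update", ACTIVITY["Update"]), ("Modify", ACTIVITY["Update"]),
                ("Delete", ACTIVITY["Delete"]), ("Terminate", ACTIVITY["Delete"]))
    for verb, aid in prefixes:
        if event_name.startswith(verb):
            return aid
    return ACTIVITY["Other"]


def to_ocsf(record: dict) -> dict:
    """Convert one CloudTrail record to an OCSF API Activity event."""
    for key in ("eventTime", "eventName", "eventSource", "awsRegion"):
        if key not in record:
            raise SchemaError(f"CloudTrail record missing {key}")
    ts = datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    ts = ts.replace(tzinfo=timezone.utc)
    aid = activity_id_for(record["eventName"])
    failed = "errorCode" in record
    identity = record.get("userIdentity", {})
    event = {
        "category_uid": CATEGORY_UID,
        "class_uid": CLASS_UID,
        "activity_id": aid,
        "type_uid": CLASS_UID * 100 + aid,   # OCSF convention: class*100 + activity
        "time": int(ts.timestamp() * 1000),  # OCSF time is epoch milliseconds
        "severity_id": 1,                    # Informational
        "status_id": 2 if failed else 1,     # 1 = Success, 2 = Failure
        "metadata": {"version": "1.1.0",
                     "product": {"name": "CloudTrail", "vendor_name": "AWS"}},
        "api": {"operation": record["eventName"],
                "service": {"name": record["eventSource"]}},
        "actor": {"user": {"uid": identity.get("arn"),
                           "type": identity.get("type")}},
        "cloud": {"provider": "AWS", "region": record["awsRegion"],
                  "account": {"uid": record.get("recipientAccountId")}},
        "src_endpoint": {"ip": record.get("sourceIPAddress")},
    }
    if failed:
        event["status_code"] = record["errorCode"]
    missing = [f for f in REQUIRED_FIELDS if event.get(f) is None]
    if missing:
        raise SchemaError(f"OCSF event missing {missing}")
    return event


def run_pipeline(records: list[dict]) -> tuple[list[dict], list[str]]:
    """Route valid events onward and quarantine the rest with a reason,
    so a malformed source never silently disappears from Security Lake."""
    good, quarantined = [], []
    for rec in records:
        try:
            good.append(to_ocsf(rec))
        except SchemaError as exc:
            quarantined.append(f"{rec.get('eventID', '?')}: {exc}")
    return good, quarantined


# Constructed sample input: one successful call, one denied call, and one
# truncated record that must be quarantined rather than forwarded.
SAMPLE_RECORDS = [
    {"eventID": "e1", "eventTime": "2024-03-01T12:00:00Z",
     "eventName": "CreateUser", "eventSource": "iam.amazonaws.com",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
     "recipientAccountId": "111111111111",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111111111111:user/alice"}},
    {"eventID": "e2", "eventTime": "2024-03-01T12:00:05Z",
     "eventName": "DeleteBucket", "eventSource": "s3.amazonaws.com",
     "awsRegion": "us-east-1", "errorCode": "AccessDenied",
     "recipientAccountId": "111111111111",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/ro/bob"}},
    {"eventID": "e3", "eventName": "GetObject"},  # missing eventTime and more
]

if __name__ == "__main__":
    events, errors = run_pipeline(SAMPLE_RECORDS)
    print(len(events), "events forwarded;", errors)
```

The quarantine list is the part worth keeping in a real deployment: Security Lake will reject Parquet that does not match the registered custom-source schema, so catching the mismatch in the Cribl pipeline, with the offending event ID and the missing field, is cheaper than diagnosing a silent gap in the lake later.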

AWS Security Services (Expert Level):
- AWS Security Lake: custom sources, OCSF schema, Lake Formation permissions
- AWS Security Hub: multi-account setup, custom insights, finding aggregation
- AWS Organizations: SCPs, account management, cross-account access
- AWS IAM: Identity Center, least-privilege access, cross-account roles
- AWS CloudTrail: management and data events, multi-region logging
- AWS Config: compliance rules, remediation actions, conformance packs

Cribl Platform (Expert Level):
- Stream workers, leaders, deployment architectures
- Parsing, transformation, and routing pipelines
- OCSF transformation: schema validation, field mapping, error handling
- Performance optimization: throughput tuning, memory management, scaling
- Integration patterns: S3, SQS, OpenSearch, Splunk, webhooks

Data Engineering & Analytics:
- OpenSearch index management, search optimization, and analytics
- Parquet/JSON formats and compression optimization
- AWS Glue crawlers, catalogs, schema evolution
- Amazon Athena query optimization and partitioning
- Time-series data management and retention

Infrastructure & DevOps:
- AWS EKS: orchestration, scaling, and policies
- Terraform: IaC, state management, modular design
- AWS VPC: private connectivity, security groups
- Monitoring: CloudWatch, AWS X-Ray, performance monitoring
- CI/CD: GitLab/GitHub Actions, automated testing, deployment pipelines

Domain Expertise Requirements

Federal Compliance & Security:
- OMB M-21-31 logging requirements and implementation
- FISMA compliance frameworks and controls
- Incident response procedures and playbooks
- Data classification and handling for government agencies
- SOC 2 Type II and FedRAMP considerations

Healthcare Sector Knowledge (Preferred):
- HIPAA compliance and PHI data handling
- Healthcare threat landscape and attack patterns
- Medical device/IoT threat detection
- Healthcare-specific compliance reporting requirements

Certifications & Experience

Mandatory Certifications:
- AWS Certified Security Specialty
- One of: AWS Solutions Architect Professional OR AWS DevOps Engineer Professional
- Cribl Certified Administrator (or obtainable within 90 days)

Preferred Certifications:
- AWS Certified Advanced Networking Specialty
- CISSP
- CEH or equivalent
- Elasticsearch/OpenSearch Certified Engineer

Experience Requirements

- Minimum 7 years in security engineering and data platform architecture
- 3 years with AWS Security Lake & Security Hub
- 3 years production experience with Cribl Stream
- 2 years federal/government compliance (OMB M-21-31, FISMA, FedRAMP)

Best Regards,
Ashok Kumar
Sr. Talent Acquisition Specialist
Email:
Web:
4229 Lafayette Center Dr, Suite 1880, Chantilly, VA 20151
