Amentum · 12 hours ago
Senior Elastic Stack Data Integration Engineer IRES - SSFB/HSV
Amentum is a company supporting the Missile Defense Agency on the Integrated Research and Development for Enterprise Solutions contract. They are seeking a Senior Elastic Stack Data Integration Engineer to design, build, and maintain data ingestion pipelines for Elastic SIEM, ensuring the reliable delivery of high-fidelity data to Elasticsearch.
Mechanical Engineering · Security · Technical Support
Responsibilities
Serve as the primary technical authority for designing, building, and maintaining data ingestion pipelines supporting Elastic SIEM
Focus on creating scalable, resilient Logstash architectures
Develop advanced pipeline logic
Normalize, enrich, and transform security telemetry
Ensure reliable delivery of high-fidelity data to Elasticsearch
Architect, build, and maintain Logstash pipelines to ingest and transform logs from diverse systems, including network devices, servers, cloud services, and security platforms
Implement parsing, grok patterns, JSON transformations, conditional routing, enrichment logic, and ECS mapping
Optimize pipeline performance, resiliency, and scalability (e.g., persistent queues, pipeline workers, memory tuning, load balancing)
Ensure all ingested data aligns to ECS (Elastic Common Schema) or internal schema requirements
Implement data enrichment workflows (GeoIP, threat intel lookups, metadata injection)
Validate data completeness, integrity, and fidelity across ingestion flows
Maintain and optimize Logstash clusters, including version management, scaling, tuning, and high-availability configurations
Manage integrations with Beats, Elastic Agent, Kafka, syslog endpoints, and custom data collectors
Monitor ingestion throughput, latency, and error rates; implement proactive alerting and troubleshooting processes
Create and maintain technical documentation, including pipeline diagrams, data flow maps, runbooks, and schema references
Establish enterprise standards for parsing, enrichment, normalization, and ingestion patterns
Support internal and external audits by documenting data handling flows and pipeline logic
Work closely with SIEM integration engineers to align pipelines with customer environments and logging requirements
Partner with detection engineering teams to ensure data supports analytic coverage and rule development
Collaborate with infrastructure and platform operations for deployment, scaling, and reliability engineering
Qualifications
Required
Must have 10 or more years of general (full-time) work experience
Must have 5 or more years of experience in log ingestion, data engineering, or SIEM pipeline development
Must have 2 or more years of experience working in a management or leadership role, mentoring and guiding other team members
Must have a strong background in Elastic Stack components (Elasticsearch, Kibana, Beats, Elastic Agent)
Must have experience with data ingestion, processing, and enrichment techniques
Must have hands-on experience ingesting, processing, and normalizing diverse log types (Windows events, syslog, firewall logs, cloud telemetry, security tooling)
Must be proficient with Linux administration, system-level debugging, and CLI-based operations
Must have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP)
Must have an active DoD Secret Security Clearance
Must be able to obtain an active DoD Top Secret Security Clearance
Preferred
Be an Elastic Certified Engineer or have relevant Elastic Stack certifications
Have strong experience integrating Kafka, Redis, or other message bus technologies into ingestion workflows
Be proficient with scripting in Python, Bash, or PowerShell for automation and data validation
Have experience designing geo-distributed or multi-cluster ingestion architectures
Have knowledge of threat intelligence ingestion, correlation data enrichment, and advanced ECS mapping
Have experience with CI/CD pipelines, GitOps workflows, or Infrastructure-as-Code (Terraform, Ansible)
Be familiar with data quality assurance frameworks and pipeline testing methodologies
Have knowledge of cloud-native logging architectures (AWS Firehose, Azure Event Hub, GCP Logging)
Benefits
Flexible work schedules
Educational reimbursement
Retirement benefits (401K match)
Employee stock purchase plan
Health benefits
Tax saving options
Disability benefits
Life and accident insurance
Voluntary benefits
Paid time off
Paid holidays
Parental leave
Health, dental, and vision insurance
Paid time off and holidays
Retirement benefits (including 401(k) matching)
Disability and life insurance
Pet insurance
Company
Amentum
Amentum is a technology and engineering company for security, defense, and energy.
Funding
Current Stage: Public Company
Total Funding: $321.16M
2025-03-12 Post-IPO Secondary · $321.16M
2024-09-27 IPO
2020-01-01 Private Equity
Company data provided by Crunchbase