OneMain Financial Jobs

Cimarron is seeking* Senior Elastic Stack Data Integration Engineers *to support the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract at either Schriever Space Force Base in the Colorado Springs, CO area or at the Redstone Arsenal in the Huntsville, AL area.

Key Duties:

• Architect, build, and maintain Logstash pipelines to ingest and transform logs from diverse systems, including network devices, servers, cloud services, and security platforms.
• Implement parsing, grok patterns, JSON transformations, conditional routing, enrichment logic, and ECS mapping.
• Optimize pipeline performance, resiliency, and scalability (e.g., persistent queues, pipeline workers, memory tuning, load balancing).
• Ensure all ingested data aligns to ECS (Elastic Common Schema) or internal schema requirements.
• Implement data enrichment workflows (GeoIP, threat intel lookups, metadata injection).
• Validate data completeness, integrity, and fidelity across ingestion flows.
• Maintain and optimize Logstash clusters, including version management, scaling, tuning, and high-availability configurations.
• Manage integrations with Beats, Elastic Agent, Kafka, syslog endpoints, and custom data collectors.
• Monitor ingestion throughput, latency, and error rates; implement proactive alerting and troubleshooting processes.
• Create and maintain technical documentation, including pipeline diagrams, data flow maps, runbooks, and schema references.
• Establish enterprise standards for parsing, enrichment, normalization, and ingestion patterns.
• Support internal and external audits by documenting data handling flows and pipeline logic.
• Work closely with SIEM integration engineers to align pipelines with customer environments and logging requirements.
• Partner with detection engineering teams to ensure data supports analytic coverage and rule development.
• Collaborate with infrastructure and platform operations for deployment, scaling, and reliability engineering.
•  

Required/Desired Skills, Experience, and Education

Required Skills, Experience, and Education:

• Due to facility security requirements, only U.S. citizens are eligible for consideration at this time. 
• Ability to complete a pre-employment background check and drug screening, which will include, but is not limited to, testing for marijuana use.
• This position requires access to federal facilities. Candidates must possess a valid, unexpired Real ID-compliant driver's license or state-issued identification card at the time of hire. If you are unsure whether your ID is Real ID-compliant, please check for the star symbol in the upper portion of your driver's license or state ID.
• Active Secret Clearance.
• Ability to obtain a Top Secret Clearance. 
• 10 or more years of general, full-time work experience.
• 5 or more years of experience in log ingestion, data engineering, or SIEM pipeline development.
• 2 or more years of experience in a lead or senior role, mentoring and guiding other team members.
• Strong background in Elastic Stack components (Elasticsearch, Kibana, Beats, Elastic Agent).
• Experience with data ingestion, processing, and enrichment techniques.
• Hands-on experience ingesting, processing, and normalizing diverse log types (Windows events, syslog, firewall logs, cloud telemetry, security tooling).
• Proficient with Linux administration, system-level debugging, and CLI-based operations.
• Have a DoD 8570.01-M IAT Level II certification with Continuing Education (CE) - (CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP).

Desired Skills, Experience, or Education:

• Be an Elastic Certified Engineer or have relevant Elastic Stack certifications.
• Experience integrating Kafka, Redis, or other message bus technologies into ingestion workflows.
• Proficient with scripting in Python, ash, or PowerShell for automation and data validation.
• Experience designing geo-distributed or multi-cluster ingestion architectures.
• Knowledge of threat intelligence ingestion, correlation data enrichment, and advanced ECS mapping.
• Experience with CI/CD pipelines, GitOps workflows, or Infrastructure-as-Code (Terraform, Ansible).
• Familiar with data quality assurance frameworks and pipeline testing methodologies.
• Knowledge of cloud-native logging architectures (AWS Firehose, Azure Event Hub, GCP Logging).

Business Profile:

Cimarron is a global solutions company with a strategic partnering approach to satisfying customer-driven requirements. We ensure customer success with a modern approach and experienced leadership. Driven by an entrepreneurial spirit, Cimarron is fueled by highly skilled employees, developing new innovative technologies, and delivering superior products and services. We believe in recognizing employees' worth by offering competitive salaries and benefits, including health, dental, and vision insurance, 401(k) contributions, educational reimbursement, and much more. From company communication through Company-wide information meetings led by our President and CEO, to an Awards program designed to recognize our amazing employees and their accomplishments, you will not only feel like you are a part of a team, you will be a valued member of the Cimarron family. Cimarron is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or any other characteristic protected by federal, state, or local law.