Job Description:
The Elastic SIEM Engineer will oversee the end-to-end design, deployment, management, and optimization of the Elastic SIEM solution, leveraging Elastic Cloud Enterprise (ECE) or Elastic Cloud on Kubernetes (ECK) on-premises and in the cloud. By utilizing Elastic's serverless capabilities on major cloud platforms, the engineer will be crucial in advancing threat detection, incident response, and security monitoring. This position requires a strong understanding of Elastic’s latest technologies across environments and is critical in ensuring a proactive and resilient security posture for the organization.
Responsibilities:
1. Elastic SIEM Architecture & Deployment: Design, deploy, and maintain Elastic SIEM solutions across ECE-OnPrem, ECE-Cloud, ECK-OnPrem, and ECK-Cloud environments, ensuring high availability, scalability, and resilience.
2. Content Development & Tuning: Develop and optimize detection rules, queries, and alerts within Elastic SIEM to enhance threat detection, covering multi-cloud, hybrid, and serverless environments.
3. Log Collection & Ingestion Strategy: Design efficient and secure log ingestion pipelines across various platforms, including serverless architectures and primary cloud services. This includes configuring log parsing, enrichment, and normalization.
4. Dashboard & Visualization Customization: Create and refine custom Kibana dashboards, visualizations, and reports, enabling real-time insights into security events, trends, and incident response metrics tailored for diverse infrastructure environments.
5. Tool Integration & API Automation: Integrate Elastic SIEM with other security tools and external data sources. Develop API-based automation workflows and scripts to streamline operations and enhance threat intelligence capabilities.
6. Performance Monitoring & Optimization: Monitor and optimize the performance of Elastic SIEM solutions, tuning components for efficiency and scaling in line with evolving operational demands across on-premises, cloud, and serverless environments.
7. Security Best Practices & Compliance: Implement security best practices to uphold data confidentiality, integrity, and compliance within Elastic SIEM deployments, adhering to industry regulations and organizational policies.
8. Cross-Functional Collaboration: Work closely with cross-functional teams—security analysts, network engineers, and system administrators—to support incident response and enhance situational awareness across environments.
9. Training & Knowledge Transfer: Mentor junior team members and provide knowledge transfer sessions on Elastic SIEM configuration, optimization, and troubleshooting, ensuring team readiness and resilience.
Requirements:
• Educational Background: Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., Elastic Certified Engineer, CompTIA Security+) are preferred.
• Minimum Experience: 4-5 years of proven experience in designing, implementing, and managing Elastic SIEM solutions, particularly in ECE and ECK environments across on-prem, cloud, and serverless infrastructures. Candidates should also have solid networking knowledge for both on-premises and cloud environments, including an understanding of network architecture, protocols, firewalls, load balancers, and VPNs.
• Technical Proficiency: Strong expertise in Elasticsearch, Kibana, Beats, Logstash, and other Elastic Stack components, with proficiency in scripting (e.g., Python, PowerShell) for automation and customizations.
• Security Framework Knowledge: Familiarity with security frameworks, compliance standards, and regulatory requirements, with the ability to align SIEM operations to these standards.
• Analytical Skills: Exceptional analytical and problem-solving skills, with a proactive approach to identifying, mitigating, and preventing security risks in dynamic environments.
Note: Candidates will be required to complete a practical assessment before the technical interview. This assessment will evaluate hands-on skills with Elastic SIEM solutions, including ECE-OnPrem, ECE-Cloud, ECK-OnPrem, and ECK-Cloud. The evaluation aims to gauge the candidate's ability to perform real-world tasks relevant to the role, including configuration, log ingestion, detection tuning, and performance optimization across different environments. This role is ideal for an experienced Elastic SIEM Engineer who excels in complex deployments and wants to contribute to a cutting-edge security environment across traditional and serverless infrastructures.