Proclink - ElasticSearch Engineer - SIEM Tools (5-10 yrs)
Proclink Consulting Services
Job Summary:
We are seeking an experienced Elastic Search Engineer to work on the deployment and management of our new SIEM instance in AWS.
The ideal candidate will possess extensive experience in enterprise-level Elastic Search cluster setups, AWS cloud environments, and a deep understanding of SIEM architecture.
This role requires expertise in data ingestion, AI assistance integration, and the ability to support stakeholders effectively.
The candidate should have a proactive approach, demonstrate problem-solving skills, and be capable of prioritizing and delivering critical tasks efficiently.
Key Responsibilities:
- Elastic Search Setup and Maintenance: Design, deploy, and maintain Elastic Search clusters according to enterprise standards in AWS environments. Utilize the AWS CLI and commands for optimal cloud resource management.
- Data Ingestion and Integration:
  - Develop strategies to onboard data into Elastic using Elastic agents, Logstash, or custom APIs.
  - Provide custom data onboarding solutions when standard methods do not suffice.
  - Work independently with application teams to ensure data is onboarded in a standardized way that will not cause issues in the future.
- AI Integration:
  - Implement AI-powered capabilities in Elastic to enhance anomaly detection, predictive analytics, and automated alerting.
  - Develop search and security solutions using ElasticSearch, including adding data and leveraging AI tools for search, vectorization, and visualization.
  - Utilize ElasticSearch's API, web crawler connectors, and language clients for advanced data processing.
- Proactive Stakeholder Support:
  - Collaborate closely with stakeholders to resolve any issues related to the Elastic platform.
  - Proactively identify improvements and stay ahead of critical tasks, ensuring seamless operations.
- Documentation and Compliance:
  - Document architecture, data sources, configurations, and integration processes.
  - Maintain clear records of activities, ensuring compliance with industry standards.
- Elastic Roles Management: Regularly review and manage user roles within Elastic, ensuring access levels are appropriate and secure. Lead clean-up initiatives to restrict unnecessary admin privileges.
- Syslog Setup: Design and implement solutions, including setting up Syslog servers to obfuscate PII data before indexing it into Elastic.
- Automation: Create robust automation scripts to streamline processes and automate Elastic Search cluster management. Experience with GitHub deployment processes to automate CI/CD pipelines.
- Custom Development: Develop and deploy APIs for efficient data onboarding and adapt out-of-the-box solutions to meet complex business needs. Leverage tools like Docker and OpenShift to host Elastic Agents for seamless integrations.
- Gap Analysis and Optimization: Perform ongoing gap analysis for SIEM detections and logging capabilities, fine-tuning and optimizing their performance for improved efficiency.
- Cross-Tool Management: Learn and manage additional tools such as Devo and Key Caliber if no prior experience. Work with these tools to create a seamless SIEM environment.
- Collaborate and Mentor: Build and maintain strong working relationships with IT engineering, security, and other stakeholders. Mentor junior engineers and work closely with external vendors to troubleshoot and resolve issues.
- Incident Handling and Alerts: Assist in developing alerting mechanisms based on tactics, techniques, and procedures (TTPs) associated with cyber threats.
- Cluster Design and Architecture: Design Elastic Search clusters for scalability, high availability, redundancy, and data partitioning. Choose appropriate node types, configure shard allocations, and design indexing strategies for optimal performance.
- Cluster Maintenance and Performance Optimization: Monitor the Elastic cluster using tools like Kibana and Grafana. Conduct capacity planning, shard rebalancing, and performance tuning to ensure optimal performance.
- Incident Handling and Troubleshooting: Troubleshoot and diagnose cluster issues, including master node failures, split-brain scenarios, and indexing performance bottlenecks. Set up alerting mechanisms to detect and mitigate potential issues.
Required Skills and Experience:
- Elastic Search Expertise: Minimum 5-8 years of experience setting up and maintaining Elastic Search clusters at an enterprise level.
- AWS Cloud Experience: Strong experience working in AWS environments, with proficiency in AWS CLI, EC2, IAM, and related AWS services.
- SIEM and Security Experience: At least 2-3 years of experience working in IT Security, with exposure to Security Information and Event Management (SIEM) platforms.
- Data Onboarding and Custom API Development: Proven experience in custom API development, Elastic agent and Logstash onboarding, and overcoming data ingestion challenges.
- Scripting Skills: Proficiency in Python, PowerShell, Bash, or other scripting languages to automate tasks and streamline operations.
- Syslog Management: Experience setting up and maintaining syslog servers, with the ability to obfuscate sensitive data before ingestion.
- Observability Tools: Familiarity with Docker and OpenShift, particularly in the context of monitoring and logging.
- Problem Solving and Out-of-the-Box Thinking: Ability to develop workarounds and custom solutions for non-standard use cases without relying on immediate out-of-the-box solutions.
- Documentation Skills: Demonstrated ability to maintain detailed and organized documentation of configurations, processes, and incidents.
- Stakeholder Engagement: Ability to work closely with IT teams, business stakeholders, and vendors to ensure effective communication, efficient troubleshooting, and the delivery of quality results.
- Proactive and Adaptable: A proactive mindset with a strong ability to prioritize tasks, stay ahead of potential issues, and respond quickly to urgent requests.
Preferred Skills:
- Bachelor's degree in information technology, Cybersecurity, or a related field.
- Experience integrating applications such as CrowdStrike, Azure, GitHub, Filebeat, etc., with Elastic.
- Familiarity with Azure and other SIEM platforms.
- Experience with SOAR platforms and authoring security runbooks.
- Strong understanding of cyber threat tactics, techniques, and procedures.
- Ability to create visualizations and reports to generate actionable insights using Elastic Stack and other internal tools.
Why Join Us?
- Be at the forefront of SIEM and cybersecurity technology by working on a state-of-the-art Elastic Search deployment.
- Collaborate with cross-functional teams, industry experts, and gain exposure to advanced observability and security automation tools.
- Contribute to a culture that values proactive problem-solving, learning, and continuous improvement.
Functional Areas: Other