Proclink - ElasticSearch Engineer - SIEM (5-8 yrs)
Proclink Consulting Services
Job Title : Elasticsearch Engineer (SIEM)
Job Summary :
We are seeking an experienced Elasticsearch Engineer to deploy and manage our new SIEM instance in AWS.
The ideal candidate will possess extensive experience in enterprise-level Elasticsearch cluster setups, AWS cloud environments, and a deep understanding of SIEM architecture.
This role requires expertise in data ingestion, integration of AI-assisted features in Elastic, and the ability to support stakeholders effectively.
The candidate should have a proactive approach, demonstrate problem-solving skills, and be capable of prioritizing and delivering critical tasks efficiently.
Key Responsibilities :
Elastic Search Setup and Maintenance :
- Design, deploy, and maintain Elasticsearch clusters according to enterprise standards in AWS environments.
- Use the AWS CLI and related tooling to manage cloud resources efficiently.
Data Ingestion and Integration :
- Develop strategies to onboard data into Elastic using Elastic agents, Logstash, or custom APIs.
- Provide custom data onboarding solutions when standard methods do not suffice.
- Work independently with application teams to ensure data is onboarded in a standardized way that will not cause issues in the future.
AI Integration :
- Implement AI-powered capabilities in Elastic to enhance anomaly detection, predictive analytics, and automated alerting.
- Develop search and security solutions using ElasticSearch, including adding data and leveraging AI tools for search, vectorization, and visualization.
- Utilize ElasticSearch's API, web crawler connectors, and language clients for advanced data processing.
Proactive Stakeholder Support :
- Collaborate closely with stakeholders to resolve any issues related to the Elastic platform.
- Proactively identify improvements and stay ahead of critical tasks, ensuring seamless operations.
Documentation and Compliance :
- Document architecture, data sources, configurations, and integration processes.
- Maintain clear records of activities, ensuring compliance with industry standards.
Elastic Roles Management :
- Regularly review and manage user roles within Elastic, ensuring access levels are appropriate and secure.
- Lead clean-up initiatives to restrict unnecessary admin privileges.
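The role review described above is easiest to run as a script rather than by hand in Kibana. The following is an added example (not code from Proclink or Elastic) that walks a saved copy of the `GET /_security/role` response and flags custom roles granting broad cluster privileges or destructive privileges on every index. The role definitions are constructed for illustration; the privilege names (`all`, `manage`, `manage_security`, `write`, `delete_index`) are real Elasticsearch privileges, and the thresholds in `BROAD_CLUSTER` and `BROAD_INDEX` are an assumption to tune to your own policy.

```python
import json

# Constructed sample of a GET /_security/role response; not taken from a real cluster.
SAMPLE_ROLES_JSON = """
{
  "superuser": {
    "cluster": ["all"],
    "indices": [{"names": ["*"], "privileges": ["all"]}],
    "metadata": {"_reserved": true}
  },
  "soc_analyst": {
    "cluster": ["monitor"],
    "indices": [{"names": ["logs-*", ".alerts-security*"], "privileges": ["read", "view_index_metadata"]}]
  },
  "legacy_app_writer": {
    "cluster": ["all"],
    "indices": [{"names": ["*"], "privileges": ["all"]}]
  },
  "ingest_agent": {
    "cluster": ["monitor", "manage_ingest_pipelines"],
    "indices": [{"names": ["logs-*", "metrics-*"], "privileges": ["auto_configure", "create_doc"]}]
  }
}
"""

# Assumed policy thresholds: cluster privileges that amount to admin, and index
# privileges that should never be granted on the "*" pattern.
BROAD_CLUSTER = {"all", "manage", "manage_security"}
BROAD_INDEX = {"all", "manage", "write", "delete_index"}


def audit_roles(roles: dict) -> dict[str, list[str]]:
    """Return {role_name: [reasons]} for every custom role that is too broad."""
    findings: dict[str, list[str]] = {}
    for name, role in roles.items():
        # Built-in (reserved) roles cannot be edited; review who is *assigned* them instead.
        if role.get("metadata", {}).get("_reserved"):
            continue
        issues: list[str] = []
        cluster = set(role.get("cluster", []))
        if cluster & BROAD_CLUSTER:
            issues.append(f"cluster privileges {sorted(cluster & BROAD_CLUSTER)}")
        for grant in role.get("indices", []):
            privs = set(grant.get("privileges", []))
            if "*" in grant.get("names", []) and privs & BROAD_INDEX:
                issues.append(f"{sorted(privs & BROAD_INDEX)} on all indices")
        if issues:
            findings[name] = issues
    return findings


def audit_roles_json(text: str) -> dict[str, list[str]]:
    """Convenience wrapper for a saved API response, e.g. from curl -u ... '/_security/role'."""
    return audit_roles(json.loads(text))


if __name__ == "__main__":
    for role, reasons in audit_roles_json(SAMPLE_ROLES_JSON).items():
        print(f"{role}: {'; '.join(reasons)}")
```

Reserved roles are skipped on purpose: they cannot be changed, so the clean-up action there is to review role mappings and user assignments rather than the role itself. Run the audit on a regular cadence and diff the output against the previous run so newly created broad roles surface immediately.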
Syslog Setup :
- Design and implement solutions, including setting up Syslog servers to obfuscate PII data before indexing it into Elastic.
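One way to implement the pre-indexing PII step mentioned above is a filter that a syslog relay applies to each message before it is forwarded to Elastic. The following is an added example (not code from Proclink, Elastic, or any syslog product) that fully masks national ID numbers and replaces e-mail addresses and IPv4 addresses with keyed HMAC pseudonyms, so the same person or host still correlates across events without the raw value reaching the index. The sample log lines and the key `PSEUDONYM_KEY` are constructed for illustration; in production the key would come from a secret store and the regular expressions would be extended to whatever PII your sources actually emit.

```python
import hashlib
import hmac
import re

# Constructed sample syslog lines (RFC 3164 style); not from any real system.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 vpn01 sshd[1234]: Accepted password for alice from 203.0.113.42 port 51234 ssh2",
    "<13>Oct 11 22:14:16 portal httpd[2222]: login ok user=bob@example.com src=198.51.100.7",
    "<13>Oct 11 22:14:17 hr-app app[3333]: exported record ssn=123-45-6789 for bob@example.com",
]

# Hypothetical pseudonymisation key; load it from a secret store and rotate it in practice.
PSEUDONYM_KEY = b"rotate-me-regularly"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def pseudonym(value: str, kind: str) -> str:
    """Deterministic keyed token for a PII value.

    HMAC rather than a plain hash: the IPv4 space is small enough that an
    unkeyed SHA-256 of every address could be precomputed and reversed.
    """
    digest = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{kind}:{digest}"


def redact_line(line: str) -> str:
    """Mask identifiers that must never be indexed, pseudonymise the rest."""
    # Fully mask: nobody in the SOC needs the real number to investigate.
    line = SSN_RE.sub("[SSN-REDACTED]", line)
    # Pseudonymise: analysts can still pivot on "the same user" or "the same source".
    line = EMAIL_RE.sub(lambda m: pseudonym(m.group(0).lower(), "email"), line)
    line = IPV4_RE.sub(lambda m: pseudonym(m.group(0), "ip"), line)
    return line


def redact_lines(lines: list[str]) -> list[str]:
    return [redact_line(line) for line in lines]


if __name__ == "__main__":
    for line in redact_lines(SAMPLE_LINES):
        print(line)
```

The syslog PRI, timestamp and hostname fields pass through untouched, so parsing in Elastic is unaffected. Note what this does not cover: bare usernames such as `alice` are left as-is, and a pseudonym only protects the value for as long as the key is kept out of the SIEM, so key handling belongs with the relay, not with the Elastic ingest pipeline.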
Automation :
- Create robust automation scripts to streamline processes and automate Elasticsearch cluster management.
- Use GitHub-based deployment processes (CI/CD pipelines) to automate builds and rollouts.
Custom Development :
- Develop and deploy APIs for efficient data onboarding and adapt out-of-the-box solutions to meet complex business needs.
- Leverage tools like Docker and OpenShift to host Elastic Agents for seamless integrations.
Gap Analysis and Optimization :
- Perform ongoing gap analysis for SIEM detections and logging capabilities, fine-tuning and optimizing their performance for improved efficiency.
Cross-Tool Management :
- Manage additional tools such as Devo and Key Caliber, learning them on the job if you have no prior experience.
- Work with these tools to create a seamless SIEM environment.
Collaborate and Mentor :
- Build and maintain strong working relationships with IT engineering, security, and other stakeholders.
- Mentor junior engineers and work closely with external vendors to troubleshoot and resolve issues.
Incident Handling and Alerts :
- Assist in developing alerting mechanisms based on tactics, techniques, and procedures (TTPs) associated with cyber threats.
Cluster Design and Architecture :
- Design Elasticsearch clusters for scalability, high availability, redundancy, and data partitioning.
- Choose appropriate node roles, configure shard allocation, and design indexing strategies for optimal performance.
Cluster Maintenance and Performance Optimization :
- Monitor the Elastic cluster using tools like Kibana and Grafana.
- Conduct capacity planning, shard rebalancing, and performance tuning to ensure optimal performance.
Incident Handling and Troubleshooting :
- Troubleshoot and diagnose cluster issues, including master node failures, split-brain scenarios, and indexing performance bottlenecks.
- Set up alerting mechanisms to detect and mitigate potential issues.
Required Skills and Experience :
- Elasticsearch Expertise : Minimum 5-8 years of experience setting up and maintaining Elasticsearch clusters at an enterprise level.
- AWS Cloud Experience : Strong experience working in AWS environments, with proficiency in the AWS CLI, EC2, IAM, and related AWS services.
- SIEM and Security Experience : At least 2-3 years of experience working in IT Security, with exposure to Security Information and Event Management (SIEM).
- Data Onboarding and Custom API Development : Proven experience in custom API development, Elastic agent and Logstash onboarding, and overcoming data ingestion challenges.
- Scripting Skills : Proficiency in Python, PowerShell, Bash, or other scripting languages to automate tasks and streamline operations.
- Syslog Management : Experience setting up and maintaining syslog servers, with the ability to obfuscate sensitive data before ingestion.
- Container Platforms : Familiarity with Docker and OpenShift, particularly for hosting monitoring and logging components.
- Problem Solving and Out-of-the-Box Thinking : Ability to develop workarounds and custom solutions for non-standard use cases without relying on immediate out-of-the-box solutions.
- Documentation Skills : Demonstrated ability to maintain detailed and organized documentation of configurations, processes, and incidents.
- Stakeholder Engagement : Ability to work closely with IT teams, business stakeholders, and vendors to ensure effective communication, efficient troubleshooting, and the delivery of quality results.
- Proactive and Adaptable : A proactive mindset with a strong ability to prioritize tasks, stay ahead of potential issues, and respond quickly to urgent requests.
Preferred Skills :
- Bachelor's degree in Information Technology, Cybersecurity, or a related field.
- Experience integrating applications such as CrowdStrike, Azure, GitHub, Filebeat, etc., with Elastic.
- Familiarity with Azure and other SIEM platforms.
- Experience with SOAR platforms and authoring security runbooks.
- Strong understanding of cyber threat tactics, techniques, and procedures.
- Ability to create visualizations and reports to generate actionable insights using Elastic Stack and other internal tools.
Why Join Us ?
- Be at the forefront of SIEM and cybersecurity technology by working on a state-of-the-art Elasticsearch deployment.
- Collaborate with cross-functional teams, industry experts, and gain exposure to advanced observability and security automation tools.
- Contribute to a culture that values proactive problem-solving, learning, and continuous improvement.