Cyber Security & Elastic Developer (2-15 yrs)

6-12 months Contractual role

Elastic Stack Management :

- Design, implement, and optimize Elasticsearch clusters for performance, scalability, and security.

- Manage Kibana for data visualization and reporting, creating dashboards and visualizations for security event monitoring.

- Implement Logstash pipelines for data ingestion and processing from multiple sources.

- Develop and maintain Beats for collecting data from servers, cloud environments, and other systems.

Cybersecurity Development :

- Design and implement security solutions that leverage the Elastic Stack to detect, respond to, and mitigate security threats.

- Use Elastic Security for intrusion detection, event monitoring, and threat hunting across systems.

- Integrate Elastic Stack with other cybersecurity tools (IDS/IPS, firewalls, antivirus software, etc.) to gather and analyze security data.

- Develop automated scripts and workflows for incident response, using data stored in Elasticsearch.

Monitoring & Alerting :

- Integrate New Relic and Datadog to monitor system performance, security events, and application health.

- Set up performance and security alerting mechanisms across systems and services using Datadog and New Relic.

- Build custom monitoring and alerting solutions for security-critical applications.

Splunk Integration :

- Configure and integrate Splunk for centralized log aggregation, searching, and alerting.

- Build custom Splunk dashboards and searches to monitor security and system events.

- Work with Splunk to develop security incident detection rules and integrate data sources for enhanced monitoring.

Data Analytics & Threat Intelligence :

- Analyze log data and security events from multiple tools (Elastic Stack, Splunk, Datadog, New Relic) to identify patterns and potential security threats.

- Leverage threat intelligence feeds and correlate with system logs to detect Indicators of Compromise (IoC) and abnormal behavior.

- Perform proactive security assessments and threat hunting using Elasticsearch queries and Kibana visualizations.

Collaboration and Documentation :

- Work closely with the security operations team to ensure that security data is captured, analyzed, and reported accurately.

- Provide training and support to other teams on the use of Elastic Stack, Splunk, New Relic, and Datadog for security operations.

- Maintain documentation for security monitoring systems, processes, and procedures.

Required Skills & Qualifications :

- Proven experience working with the Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) in a security context.

- Solid understanding of cybersecurity principles, including SIEM (Security Information and Event Management), threat detection, vulnerability management, and incident response.

- Experience integrating New Relic, Datadog, and Splunk with monitoring and logging systems.

- Expertise in using Elasticsearch for data analysis, querying, and creating dashboards.

- Experience writing custom Logstash pipelines and Kibana visualizations for security data.

- Hands-on experience in threat hunting, anomaly detection, and incident response using Elastic Security and other security monitoring tools.

- Familiarity with Linux/Unix systems, scripting (Python, Bash, etc.), and automation tools.

- Experience with security frameworks such as MITRE ATT&CK, OWASP, and industry compliance standards (e.g., NIST, GDPR).

- Strong troubleshooting, problem-solving, and analytical skills.

Desired Skills :

- Experience with cloud security monitoring tools (AWS, Azure, GCP).

- Familiarity with containerized environments (Docker, Kubernetes) and monitoring them with Elastic and Datadog.

- Understanding of network security protocols and the ability to analyze network traffic logs.

- Experience with machine learning or advanced analytics for detecting security anomalies.

- Knowledge of vulnerability scanning and patch management tools.