Job Summary
Security Senior Specialist ElasticSearch / Elastic SIEM
Own ElasticSearch / Elastic Security architecture, platform maturity, content standards, and SOC engineering roadmap. Design detection use cases covering trigger events, required data sources, correlation logic, severity mapping, response steps, and audit documentation. Lead onboarding of CUSTOMER and non-CUSTOMER applications, infrastructure, endpoint, network, proxy, firewall, cloud, and identity logs into Elastic. Create and govern Elastic detection rules, Kibana dashboards, alert workflows, data views, cases, and reporting packs. Optimize ingestion pipelines, parsing, enrichment, mappings, index templates, data streams, retention, and ILM policies. Tune detection rules to reduce false positives and improve alert fidelity without losing security coverage. Support advanced investigation and forensic log analysis using Elastic timelines, dashboards, Discover, KQL, Lucene, and DSL. Collaborate with SOC, IR, application, infrastructure, and CUSTOMER stakeholders for onboarding, troubleshooting, and service improvement. Contribute to monthly reporting on onboarding progress, alert quality, SLA/KPI performance, and detection effectiveness.
Certifications Preferred \\\\r\\\\nElastic Certified Engineer / Analyst, GCIH, CompTIA CySA+, Security+, CSA, CEH, Microsoft SC-200, AWS/Azure/GCP Security certifications.
Key Responsibilities
Own ElasticSearch / Elastic Security architecture, platform maturity, content standards, and SOC engineering roadmap. Design detection use cases covering trigger events, required data sources, correlation logic, severity mapping, response steps, and audit documentation. Lead onboarding of CUSTOMER and non-CUSTOMER applications, infrastructure, endpoint, network, proxy, firewall, cloud, and identity logs into Elastic. Create and govern Elastic detection rules, Kibana dashboards, alert workflows, data views, cases, and reporting packs. Optimize ingestion pipelines, parsing, enrichment, mappings, index templates, data streams, retention, and ILM policies. Tune detection rules to reduce false positives and improve alert fidelity without losing security coverage. Support advanced investigation and forensic log analysis using Elastic timelines, dashboards, Discover, KQL, Lucene, and DSL. Collaborate with SOC, IR, application, infrastructure, and CUSTOMER stakeholders for onboarding, troubleshooting, and service improvement. Contribute to monthly reporting on onboarding progress, alert quality, SLA/KPI performance, and detection effectiveness.
Skill Requirements
Elastic Stack : ElasticSearch, Kibana, Elastic Security, Logstash, Beats, Elastic Agent, Fleet Query / Detection : KQL, Lucene, ElasticSearch DSL, EQL, detection rules, correlations, timelines, cases Engineering :Ingest pipelines, Logstash pipelines, parsing/enrichment, mappings, index templates, data streams, ILM, retention SOC / Security :Alert triage, detection engineering, MITRE ATT&CK; mapping, false-positive reduction, threat hunting Enterprise Logs : CUSTOM /Java logs, application logs, firewall, proxy, DNS, VPN, endpoint, cloud and identity logs Workflow :ServiceNow, Jira, audit-ready documentation, SOPs, handover notes, KPI/SLA reporting
Other Requirements
: Preferred Skills Splunk / SAP Enterprise Threat Detection / Microsoft Sentinel exposure. EDR tools: CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black. Threat intelligence platforms: MISP, ThreatConnect, Anomali. Cloud security logs and monitoring across AWS, Azure, or GCP. Wireshark, Zeek/Bro, Kubernetes security, DevSecOps pipelines, Python/PowerShell/Bash automation. Forensic tooling awareness: Volatility, FTK, Autopsy.