Elastic SIEM Lead/Cybersecurity Engineer /Information Security
Job Title: Senior Cybersecurity Engineer / Information Security / Elastic SIEM Lead
Location: REMOTE
Duration: Long-term
Job Description:
Experience
10-12 years of overall experience in Cybersecurity / Information Security
5-6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
Monitoring and Investigation experience is required
Job Summary
We are seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.
Key Responsibilities
Elastic SIEM & Security Operations
Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
Implement and maintain Elastic Security (SIEM & EDR) solutions
Develop, tune, and optimize detection rules, alerts, and dashboards
Map detections to the MITRE ATT&CK framework
Perform log onboarding for security devices, servers, endpoints, and cloud platforms
Threat Detection & Incident Response
Monitor and analyze security events to identify threats, anomalies, and intrusions
Lead incident investigations, root cause analysis, and forensic activities
Support SOC teams with advanced threat hunting using Elastic
Reduce false positives and improve detection accuracy
Log Management & Data Engineering
Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines
Normalize and enrich security data from multiple sources
Ensure scalability, performance tuning, and index lifecycle management (ILM)
Cloud & Endpoint Security
Integrate Elastic with AWS / Azure / Google Cloud Platform security logs
Monitor Kubernetes, containers, and cloud-native workloads
Implement and manage Elastic Endpoint Security (EDR)
Leadership & Collaboration
Act as technical lead for Elastic SIEM initiatives
Mentor junior analysts and engineers
Work closely with SOC, IR, DevOps, and compliance teams
Support audits, risk assessments, and compliance requirements
Required Skills & Qualifications
Technical Skills
Strong expertise in Elastic Stack (ELK) and Elastic Security
Experience with SIEM, SOC operations, and threat hunting
Proficiency in Linux, networking, TCP/IP, DNS, HTTP
Scripting skills (Python, Bash, or similar)
Experience with REST APIs and JSON
Strong understanding of attack vectors, malware, and adversary tactics
Security Knowledge
Incident response & digital forensics
Threat intelligence and use case development
MITRE ATT&CK, kill chain, IOC management
Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI DSS; preferred)
Preferred / Nice to Have
Elastic Certified Engineer / Analyst
Experience with Splunk, QRadar, or other SIEMs
Cloud security certifications (AWS/Azure/Google Cloud Platform)
CISSP, GCIA, GCIH, or similar certifications
- Dice Id: 91001915
- Position Id: RAKS- 5469-15733-1772132576