Cybersecurity Consultant with Elastic Stack
Remote Work
Experience
10-12 years of overall experience in Cybersecurity / Information Security
5-6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
Monitoring and Investigation experience is required
Job Summary: We are seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.
Key Responsibilities
Elastic SIEM & Security Operations
Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
Implement and maintain Elastic Security (SIEM & EDR) solutions
Develop, tune, and optimize detection rules, alerts, and dashboards
Map detections to MITRE ATT&CK framework
Perform log onboarding for security devices, servers, endpoints, and cloud platforms
Threat Detection & Incident Response
Monitor and analyze security events to identify threats, anomalies, and intrusions
Lead incident investigations, root cause analysis, and forensic activities
Support SOC teams with advanced threat hunting using Elastic
Reduce false positives and improve detection accuracy
Log Management & Data Engineering
Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines
Normalize and enrich security data from multiple sources
Ensure scalability, performance tuning, and index lifecycle management (ILM)
Cloud & Endpoint Security
Integrate Elastic with AWS / Azure / Google Cloud Platform security logs
Monitor Kubernetes, containers, and cloud-native workloads
Implement and manage Elastic Endpoint Security (EDR)
Leadership & Collaboration
Act as technical lead for Elastic SIEM initiatives
Mentor junior analysts and engineers
Work closely with SOC, IR, DevOps, and compliance teams
Support audits, risk assessments, and compliance requirements
Required Skills & Qualifications
Technical Skills
Strong expertise in Elastic Stack (ELK) and Elastic Security
Experience with SIEM, SOC operations, and threat hunting
Proficiency in Linux, networking, TCP/IP, DNS, HTTP
Scripting skills (Python, Bash, or similar)
Experience with REST APIs and JSON
Strong understanding of attack vectors, malware, and adversary tactics
Security Knowledge
Incident response & digital forensics
Threat intelligence and use case development
MITRE ATT&CK, kill chain, IOC management
Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS preferred)
Preferred / Nice to Have
Elastic Certified Engineer / Analyst
Experience with Splunk, QRadar, or other SIEMs
Cloud security certifications (AWS/Azure/Google Cloud Platform)
CISSP, GCIA, GCIH, or similar certifications
Soft Skills
Strong analytical and problem-solving skills
Ability to work in high-pressure incident situations
Excellent communication and documentation skills
Leadership and mentoring mindset