Position Summary:

We are seeking a highly skilled and experienced Senior SIEM Engineer with deep expertise in Elastic SIEM to join our cybersecurity team. This is a hands-on role responsible for architecting, deploying, administering, and developing security content and use cases in Elastic SIEM to support threat detection and incident response initiatives. The ideal candidate will have a solid foundation in cybersecurity operations, strong engineering skills, and a passion for developing advanced detection logic and correlation rules in Elastic Stack.

Key Responsibilities:

- Lead the design, implementation, tuning, and administration of Elastic SIEM/Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) in enterprise environments.
- Work on ECU and license optimization efforts to save costs.
- Develop advanced correlation rules, detection logic, dashboards, and visualizations within Elastic SIEM.
- Build and maintain custom parsers, log ingestion pipelines, and data enrichment mechanisms using Logstash, Beats, and Elastic Agent.
- Engineer and maintain log collection from diverse data sources: firewalls, endpoints, servers, cloud platforms, applications, and network devices.
- Integrate Elastic SIEM with threat intelligence feeds and develop use cases for TTP detection aligned with the MITRE ATT&CK framework.
- Continuously optimize performance, scalability, and availability of the SIEM platform.
- Collaborate with SOC, Incident Response, and Threat Intel teams to understand requirements and transform them into actionable use cases.
- Troubleshoot and resolve ingestion, parsing, and indexing issues.
- Support compliance reporting, data retention, and audit requirements (HIPAA, PCI-DSS, SOX, NIST, etc.).
- Document configurations, use cases, operational runbooks, and architectural changes.
- Partner with peers on Elastic SIEM concepts, query development, and best practices.

Required Qualifications:

- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field. Master's preferred.
- 5+ years of experience in cybersecurity, with at least 2 years focused on Elastic SIEM/ELK Stack in a hands-on engineering role.
- Proficient in EQL, Linux, Logstash filter syntax, YAML, and JSON.
- Hands-on experience with Beats (Filebeat, Metricbeat, etc.), Elastic Agent, and Logstash pipelines.
- Strong knowledge of information security concepts, attack vectors, and incident response workflows.
- Experience in Elastic SIEM integration with SOAR, ticketing tools, cloud platforms (AWS, Azure), and security controls.
- Some scripting experience in Python, Bash, or PowerShell for automation and data manipulation.
- Excellent problem-solving skills and the ability to work independently or as part of a team.

Preferred Qualifications:

- Elastic Certified Engineer or related certification.
- Experience with Elastic Security App, Fleet, and Endpoint Integration.
- Prior experience in building and tuning SIEM solutions in hybrid environments (on-prem and cloud).
Job Title
Sr SIEM Engineer