SIEM Security Engineer (ELK)

Project Description:

We are looking for an experienced SIEM Security Engineer specializing in the Elastic Stack (ELK) to join our team. You will maintain and enhance our large-scale Elasticsearch-based SIEM infrastructure, ensuring optimal performance, security, and availability. You will also support the Security Operations team by providing technical expertise, troubleshooting, and acting as an escalation point.

Requirements:

• Strong knowledge of Linux operating systems (RHEL, CentOS).
• Expert-level experience with the Elastic Stack (Elasticsearch, Logstash, Kibana, Beats).
• Proficiency with configuration and deployment management tools (e.g., Ansible).
• Solid understanding of data center infrastructure components (LAN/WAN, storage technologies like DRBD, physical and virtual servers, DNS, NTP, Active Directory).
• Experience managing Linux clustering solutions (Pacemaker, Zookeeper).
• Practical experience with Apache (httpd) web servers.
• Familiarity with Apache Kafka.
• Understanding of Public Key Infrastructure (PKI).
• Excellent communication skills and fluency in English (spoken and written).

Nice to have:

• Coding skills in Python, Bash, or Ruby.
• Elastic Certified Engineer certification.
• Familiarity with Atlassian tools and ITIL methodologies.

Responsibilities:

• Maintain and optimize large-scale Elasticsearch-based SIEM, including design, capacity planning, performance tuning, and monitoring.
• Provide engineering-level support to Security Operations and serve as the third-line escalation point.
• Participate actively in troubleshooting and resolving complex network and data collection issues.
• Regularly review, patch, and harden services.
• Provide technical support and guidance to SOC Analysts during incident response activities.

Technologies:

• Linux (RHEL, CentOS)
• Elastic Stack (Elasticsearch, Logstash, Kibana, Beats)
• Ansible
• Apache Kafka
• Apache (httpd)
• Pacemaker, Zookeeper
• PKI
• Python, Bash, Ruby