Lead Cybersecurity Consultant with Elastic Stack
Role : Cybersecurity Lead Consultant with Elastic Stack Location : USA/Remote Work Experience
- 10–12 years of overall experience in Cybersecurity / Information Security
- 5–6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
- Monitoring and Investigation experience is required
Job Summary: We are seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.
Key Responsibilities
Elastic SIEM & Security Operations
- Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
- Implement and maintain Elastic Security (SIEM & EDR) solutions
- Develop, tune, and optimize detection rules, alerts, and dashboards
- Map detections to MITRE ATT&CK framework
- Perform log onboarding for security devices, servers, endpoints, and cloud platforms Threat Detection & Incident Response
- Monitor and analyze security events to identify threats, anomalies, and intrusions
- Lead incident investigations, root cause analysis, and forensic activities
- Support SOC teams with advanced threat hunting using Elastic
- Reduce false positives and improve detection accuracy Log Management & Data Engineering
- Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines
- Normalize and enrich security data from multiple sources
- Ensure scalability, performance tuning, and index lifecycle management (ILM) Cloud & Endpoint Security
- Integrate Elastic with AWS / Azure / GCP security logs
- Monitor Kubernetes, containers, and cloud-native workloads
- Implement and manage Elastic Endpoint Security (EDR) Leadership & Collaboration
- Act as technical lead for Elastic SIEM initiatives
- Mentor junior analysts and engineers
- Work closely with SOC, IR, DevOps, and compliance teams
- Support audits, risk assessments, and compliance requirements
Required Skills & Qualifications Technical Skills
- Strong expertise in Elastic Stack (ELK) and Elastic Security
- Experience with SIEM, SOC operations, and threat hunting
- Proficiency in Linux, networking, TCP/IP, DNS, HTTP
- Scripting skills (Python, Bash, or similar)
- Experience with REST APIs and JSON
- Strong understanding of attack vectors, malware, and adversary tactics Security Knowledge
- Incident response & digital forensics
- Threat intelligence and use case development
- MITRE ATT&CK, kill chain, IOC management
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS – preferred)
Preferred / Nice to Have
- Elastic Certified Engineer / Analyst
- Experience with Splunk, QRadar, or other SIEMs
- Cloud security certifications (AWS/Azure/GCP)
- CISSP, GCIA, GCIH, or similar certifications Soft Skills
- Strong analytical and problem-solving skills
- Ability to work in high-pressure incident situations
- Excellent communication and documentation skills
- Leadership and mentoring mindset
Apply tot his job Apply To this Job