Lead Cybersecurity Engineer/Information Security Engineer/ REMOTE
Thrinetra
Senior Cybersecurity Engineer / Elastic SIEM Lead
Long Term
Experience
- 13–15 years of overall experience in Cybersecurity / Information Security
- 5–6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
Job Summary
We are seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.
Key Responsibilities
Elastic SIEM & Security Operations
- Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
- Implement and maintain Elastic Security (SIEM & EDR) solutions
- Develop, tune, and optimize detection rules, alerts, and dashboards
- Map detections to MITRE ATT&CK framework
- Perform log onboarding for security devices, servers, endpoints, and cloud platforms
Threat Detection & Incident Response
- Monitor and analyze security events to identify threats, anomalies, and intrusions
- Lead incident investigations, root cause analysis, and forensic activities
- Support SOC teams with advanced threat hunting using Elastic
- Reduce false positives and improve detection accuracy
Log Management & Data Engineering
- Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines
- Normalize and enrich security data from multiple sources
- Ensure scalability, performance tuning, and index lifecycle management (ILM)
Cloud & Endpoint Security
- Integrate Elastic with AWS / Azure / GCP security logs
- Monitor Kubernetes, containers, and cloud-native workloads
- Implement and manage Elastic Endpoint Security (EDR)
Leadership & Collaboration
- Act as technical lead for Elastic SIEM initiatives
- Mentor junior analysts and engineers
- Work closely with SOC, IR, DevOps, and compliance teams
- Support audits, risk assessments, and compliance requirements
Required Skills & Qualifications
Technical Skills
- Strong expertise in Elastic Stack (ELK) and Elastic Security
- Experience with SIEM, SOC operations, and threat hunting
- Proficiency in Linux, networking, TCP/IP, DNS, HTTP
- Scripting skills (Python, Bash, or similar)
- Experience with REST APIs and JSON
- Strong understanding of attack vectors, malware, and adversary tactics
Security Knowledge
- Incident response & digital forensics
- Threat intelligence and use case development
- MITRE ATT&CK, kill chain, IOC management
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS – preferred)
Preferred / Nice to Have
- Elastic Certified Engineer / Analyst
- Experience with Splunk, QRadar, or other SIEMs
- Cloud security certifications (AWS/Azure/GCP)
- CISSP, GCIA, GCIH, or similar certifications
Soft Skills
- Strong analytical and problem-solving skills
- Ability to work in high-pressure incident situations
- Excellent communication and documentation skills
- Leadership and mentoring mindset
Submission Format
Applicant Full Name |
|
Applicant Email Address |
|
Mobile Number |
|
Any Planned Vacation: |
|
Work Authorization |
|
Current Location with Zip code |
|
Relocation: (Yes/No) |
|
Availability: |
|
Passport Number |
|
SSN Last 4 digits |
|
Applicant Pay Rate |
|
|
References 1:
Contact name |
|
Phone |
|
Email address |
|
Client name |
|
References 2:
Contact name |
|
Phone |
|
Email address |
|
Client name |
|
Thanks & Regards,
| Thrinetra Sr Technical Recruiter Merlin Solutions Email: netra...@merlinsol.com |
