We welcome individual candidate and Corp-to-Corp (CTC) resume submissions.
5-month contract
Hybrid - Baltimore, MD
We are seeking an experienced Elastic Search Architect to lead the deployment and management of our client's new SIEM instance in AWS. The ideal candidate will possess extensive experience in enterprise-level Elastic Search cluster setups, AWS cloud environments, and a deep understanding of SIEM architecture. This role requires expertise in data ingestion, AI assistance integration, and the ability to support stakeholders effectively. The candidate should have a proactive approach, demonstrate problem-solving skills, and be capable of prioritizing and delivering critical tasks efficiently.
Responsibilities: • Elastic Search Setup and Maintenance: Design, deploy, and maintain Elastic Search clusters according to enterprise standards in AWS environments. Utilize AWS CLI and commands for optimal cloud resource management. • Data Ingestion and Integration: Develop strategies to onboard data into Elastic using Elastic agents, Logstash, or custom APIs. Provide custom data onboarding solutions when standard methods do not suffice. Work independently with application teams to ensure data is onboarded in a standardized way that will not cause issues in the future. • AI Integration: Implement AI-powered capabilities in Elastic to enhance anomaly detection, predictive analytics, and automated alerting. Develop search and security solutions using ElasticSearch, including adding data and leveraging AI tools for search, vectorization, and visualization. Utilize ElasticSearch's API, web crawler connectors, and language clients for advanced data processing. • Proactive Stakeholder Support: Collaborate closely with stakeholders to resolve any issues related to the Elastic platform. Proactively identify improvements and stay ahead of critical tasks, ensuring seamless operations. • Documentation and Compliance: Document architecture, data sources, configurations, and integration processes. Maintain clear records of activities, ensuring compliance with industry standards. • Elastic Roles Management: Regularly review and manage user roles within Elastic, ensuring access levels are appropriate and secure. Lead clean-up initiatives to restrict unnecessary admin privileges. • Syslog Setup: Design and implement solutions, including setting up Syslog servers to obfuscate PII data before indexing it into Elastic. • Automation: Create robust automation scripts to streamline processes and automate Elastic Search cluster management. Experience with GitHub deployment processes to automate CI/CD pipelines. • Custom Development: Develop and deploy APIs for efficient data onboarding and adapt out-of-the-box solutions to meet complex business needs. Leverage tools like Docker and OpenShift to host Elastic Agents for seamless integrations. • Gap Analysis and Optimization: Perform ongoing gap analysis for SIEM detections and logging capabilities, fine-tuning and optimizing their performance for improved efficiency. • Cross-Tool Management: Learn and manage additional tools such as Devo and Key Caliber if no prior experience. Work with these tools to create a seamless SIEM environment. • Collaborate and Mentor: Build and maintain strong working relationships with IT engineering, security, and other stakeholders. Mentor junior engineers and work closely with external vendors to troubleshoot and resolve issues. • Incident Handling and Alerts: Assist in developing alerting mechanisms based on tactics, techniques, and procedures (TTPs) associated with cyber threats. • Cluster Design and Architecture: Design Elastic Search clusters for scalability, high availability, redundancy, and data partitioning. Choose appropriate node types, configure shard allocations, and design indexing strategies for optimal performance. • Cluster Maintenance and Performance Optimization: Monitor the Elastic cluster using tools like Kibana and Grafana. Conduct capacity planning, shard rebalancing, and performance tuning to ensure optimal performance. • Incident Handling and Troubleshooting: Troubleshoot and diagnose cluster issues, including master node failures, split-brain scenarios, and indexing performance bottlenecks. Set up alerting mechanisms to detect and mitigate potential issues.
Requirements: • Elastic Search Expertise: 5 - 10 years of experience setting up and maintaining Elastic Search clusters at an enterprise level. • AWS Cloud Experience: Strong experience working in AWS environments, with proficiency in AWS CLI, EC2, IAM, and related AWS services. • SIEM and Security Experience: 2+ years of experience working in IT Security, with exposure to Security Information and Event Management (SIEM) • Data Onboarding and Custom API Development: Proven experience in custom API development, Elastic agent and Logstash onboarding, and overcoming data ingestion challenges. • Scripting Skills: Proficiency in Python, PowerShell, Bash, or other scripting languages to automate tasks and streamline operations. • Syslog Management: Experience setting up and maintaining syslog servers, with the ability to obfuscate sensitive data before ingestion. • Observability Tools: Familiarity with Docker and OpenShift, particularly in the context of monitoring and logging. • Problem Solving and Out-of-the-Box Thinking: Ability to develop workarounds and custom solutions for non-standard use cases without relying on immediate out-of-the-box solutions. • Documentation Skills: Demonstrated ability to maintain detailed and organized documentation of configurations, processes, and incidents. • Stakeholder Engagement: Ability to work closely with IT teams, business stakeholders, and vendors to ensure effective communication, efficient troubleshooting, and the delivery of quality results. • Proactive and Adaptable: A proactive mindset with a strong ability to prioritize tasks, stay ahead of potential issues, and respond quickly to urgent requests.
Preferred Skills: • Bachelor's degree in information technology, Cybersecurity, or a related field. • Experience integrating applications such as CrowdStrike, Azure, GitHub, Filebeat, etc., with Elastic. • Familiarity with Azure and other SIEM platforms. • Experience with SOAR platforms and authoring security runbooks. • Strong understanding of cyber threat tactics, techniques, and procedures. • Ability to create visualizations and reports to generate actionable insights using Elastic Stack and other internal tools.
Additional Information:
o Position Type: If the right candidate is not available closer to the Baltimore MD location, remote work is acceptable.
o If Hybrid: For hybrid arrangements, 40% onsite weekly is required.