
Lead Cybersecurity Consultant with Elastic Stack

Remote, USA Full-time Posted 2026-05-07
Role: Cybersecurity Lead Consultant with Elastic Stack
Location: USA/Remote

Work Experience
• 10–12 years of overall experience in Cybersecurity / Information Security
• 5–6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
• Monitoring and investigation experience is required

Job Summary:
We are seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.

Key Responsibilities

Elastic SIEM & Security Operations
• Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
• Implement and maintain Elastic Security (SIEM & EDR) solutions
• Develop, tune, and optimize detection rules, alerts, and dashboards
• Map detections to the MITRE ATT&CK framework
• Perform log onboarding for security devices, servers, endpoints, and cloud platforms

Threat Detection & Incident Response
• Monitor and analyze security events to identify threats, anomalies, and intrusions
• Lead incident investigations, root cause analysis, and forensic activities
• Support SOC teams with advanced threat hunting using Elastic
• Reduce false positives and improve detection accuracy

Log Management & Data Engineering
• Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines
• Normalize and enrich security data from multiple sources
• Ensure scalability, performance tuning, and index lifecycle management (ILM)

Cloud & Endpoint Security
• Integrate Elastic with AWS / Azure / GCP security logs
• Monitor Kubernetes, containers, and cloud-native workloads
• Implement and manage Elastic Endpoint Security (EDR)

Leadership & Collaboration
• Act as technical lead for Elastic SIEM initiatives
• Mentor junior analysts and engineers
• Work closely with SOC, IR, DevOps, and compliance teams
• Support audits, risk assessments, and compliance requirements

Required Skills & Qualifications

Technical Skills
• Strong expertise in Elastic Stack (ELK) and Elastic Security
• Experience with SIEM, SOC operations, and threat hunting
• Proficiency in Linux, networking, TCP/IP, DNS, HTTP
• Scripting skills (Python, Bash, or similar)
• Experience with REST APIs and JSON
• Strong understanding of attack vectors, malware, and adversary tactics

Security Knowledge
• Incident response & digital forensics
• Threat intelligence and use case development
• MITRE ATT&CK, kill chain, IOC management
• Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS – preferred)

Preferred / Nice to Have
• Elastic Certified Engineer / Analyst
• Experience with Splunk, QRadar, or other SIEMs
• Cloud security certifications (AWS/Azure/GCP)
• CISSP, GCIA, GCIH, or similar certifications

Soft Skills
• Strong analytical and problem-solving skills
• Ability to work in high-pressure incident situations
• Excellent communication and documentation skills
• Leadership and mentoring mindset