Lead Cybersecurity Consultant with Elastic Stack

Role : Cybersecurity Lead Consultant with Elastic Stack

Location : USA/Remote Work

Experience

• 10–12 years of overall experience in Cybersecurity / Information Security
• 5–6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
• Monitoring and Investigation experience is required

Job Summary

We are seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.
Key Responsibilities

Elastic SIEM & Security Operations
• Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
• Implement and maintain Elastic Security (SIEM & EDR) solutions
• Develop, tune, and optimize detection rules, alerts, and dashboards
• Map detections to MITRE ATT&CK framework
• Perform log onboarding for security devices, servers, endpoints, and cloud platforms Threat Detection & Incident Response
• Monitor and analyze security events to identify threats, anomalies, and intrusions
• Lead incident investigations, root cause analysis, and forensic activities
• Support SOC teams with advanced threat hunting using Elastic
• Reduce false positives and improve detection accuracy Log Management & Data Engineering
• Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines • Normalize and enrich security data from multiple sources
• Ensure scalability, performance tuning, and index lifecycle management (ILM) Cloud & Endpoint Security
• Integrate Elastic with AWS / Azure / GCP security logs
• Monitor Kubernetes, containers, and cloud-native workloads
• Implement and manage Elastic Endpoint Security (EDR) Leadership & Collaboration
• Act as technical lead for Elastic SIEM initiatives
• Mentor junior analysts and engineers
• Work closely with SOC, IR, DevOps, and compliance teams
• Support audits, risk assessments, and compliance requirements

Required Skills & Qualifications Technical Skills
• Strong expertise in Elastic Stack (ELK) and Elastic Security
• Experience with SIEM, SOC operations, and threat hunting
• Proficiency in Linux, networking, TCP/IP, DNS, HTTP
• Scripting skills (Python, Bash, or similar)
• Experience with REST APIs and JSON
• Strong understanding of attack vectors, malware, and adversary tactics Security Knowledge • Incident response & digital forensics
• Threat intelligence and use case development
• MITRE ATT&CK, kill chain, IOC management
• Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS – preferred)

Preferred / Nice to Have
• Elastic Certified Engineer / Analyst
• Experience with Splunk, QRadar, or other SIEMs
• Cloud security certifications (AWS/Azure/GCP)
• CISSP, GCIA, GCIH, or similar certifications Soft Skills
• Strong analytical and problem-solving skills
• Ability to work in high-pressure incident situations
• Excellent communication and documentation skills
• Leadership and mentoring mindset