<p><strong>Role Overview</strong></p><p>We are seeking an experienced Elastic Engineer to design, implement, and maintain our Elastic Stack (ELK/Elasticsearch) ecosystem. You will play a crucial role in building scalable, reliable, and performant solutions for logging, search, and data analytics. The ideal candidate will have a strong technical background, hands-on experience with Elastic integrations, and a passion for data. Experience in a security context (SIEM) is a significant advantage.</p><p><strong>Key Responsibilities</strong></p><ul><li><strong>Design & Deployment:</strong> Architect, deploy, configure, and manage on-premise and/or cloud-based Elasticsearch clusters, ensuring high availability, performance, and disaster recovery.</li><li><strong>Integration & Development:</strong> Develop and maintain data ingestion pipelines (using Logstash, Beats, Kafka, etc.) to onboard data from a wide variety of sources (applications, network, cloud services).</li><li><strong>Management & Optimization:</strong> Monitor cluster health and performance; perform tuning, troubleshooting, and capacity planning to ensure system stability and efficiency.</li><li><strong>Search & Data Analysis:</strong> Create and optimize complex searches, aggregations, and visualizations in Kibana to turn data into actionable insights for various teams.</li><li><strong>Security & Governance:</strong> Implement and manage security features, including role-based access control (RBAC), encryption in transit (TLS on the transport and HTTP layers), and audit logging.</li><li><strong>Automation & DevOps:</strong> Use Infrastructure as Code (e.g., Ansible, Terraform) and CI/CD pipelines to automate deployment and management tasks.</li></ul><p><strong>Required Qualifications & Experience</strong></p><ul><li>2-3 years of hands-on, professional experience administering the Elastic Stack (Elasticsearch, Logstash, Kibana).</li><li>Proven experience integrating diverse data sources into the Elastic Stack using Logstash pipelines, Beats, and/or third-party APIs.</li><li>Strong understanding of Elasticsearch concepts: index management, sharding, replication, mappings, and index templates.</li><li>Proficiency in writing and optimizing Elasticsearch queries (Query DSL).</li></ul><p><strong>Highly Advantageous Qualifications (SIEM/Security)</strong></p><ul><li>Experience deploying or managing Elastic Security (SIEM) or other SIEM solutions (Splunk, ArcSight, QRadar).</li><li>Understanding of security concepts: threat detection, incident response, vulnerability management, and adversary-behaviour frameworks (MITRE ATT&CK).</li><li>Familiarity with security analytics, creating detection rules, and developing security dashboards.</li><li>Relevant security certifications (e.g., CompTIA Security+, CySA+) are a plus.</li><li>Elastic certification (e.g., Elastic Certified Engineer, Elastic Certified Analyst) will be a significant advantage.</li></ul>