IN EmploymentAlert | Elastic Enterprise Security Administrator

Job Title: Elastic Enterprise Security Administrator
Company: Qualys
Location: Pune, Maharashtra
Created: 2025-01-06
Job Type: Full Time


Job Description

As an Elastic Enterprise Security Administrator, you will hold a pivotal position within our Elastic Engineering & Administration team. Your primary responsibility will be to manage and optimize the Elastic Stack environment, including the Elasticsearch, Kibana, Beats, and Logstash components. Your expertise will be instrumental in ensuring the integrity and availability of our critical data.

Responsibilities:

Elastic Stack Administration:
- Deploy and Maintain: You will be part of the team managing the complete lifecycle of the Elastic Stack components (Elasticsearch, Kibana, Beats, and Logstash), from deployment through ongoing maintenance and stability.
- Optimization for Performance and Scalability: You will fine-tune the Elastic Stack clusters for optimal performance, scalability, and availability, including configuring settings, adjusting resource allocation, and applying cluster-management best practices.
- Dashboards & Stack Management: You will create complex dashboards and visualizations to the team's requirements, using Lens, TSVB, and aggregation-based widgets.
- Parsing & Pipelines: You will create new Logstash parsers and ingest pipelines to enrich events and normalize them into the ECS schema.

Security Configuration and Hardening:
- Authentication and Authorization: You will implement authentication and authorization mechanisms to control access to the Elastic Stack, setting up user accounts, roles, and permissions and integrating with existing authentication systems where applicable.
- Encryption and Secure Communication: You will ensure that data in transit is encrypted using SSL/TLS.
  This safeguards sensitive information from interception or tampering during communication between Elastic Stack components.

Alerting & Watchers:
- Alerting and Monitoring Configuration: You will set up and configure alerting to promptly detect security incidents and anomalies, including defining thresholds, creating watchers, and integrating with notification systems for immediate response.
- Incident Response Coordination: In the event of a security incident, you will work closely with the Qualys Security Operations Center on response efforts and help create custom dashboards and alerts to support the ongoing investigation.

Automation and Scripting:
- Automation Methodology: Create and maintain automation scripts (Python, Bash, etc.) to streamline Elasticsearch operations, including data ingestion, indexing, and maintenance tasks.
- Automation Tools: Use tools such as Ansible, Puppet, and Jenkins to automate deployment, configuration, and management of Elasticsearch clusters, and configure Elastic Agent across environments.

Continuous Monitoring and Threat Hunting:
- Real-time Visibility: You will implement monitoring that provides real-time visibility into the health and security posture of the Elastic Stack environment, so that unusual activity or potential threats are detected promptly.
- Proactive Threat Hunting: As part of a proactive security strategy, you will conduct threat hunting exercises, actively searching for signs of potential threats in the environment before they trigger alerts.

Capacity Planning and Performance Optimization:
- Resource Utilization Monitoring: You will monitor resource utilization within the Elastic Stack environment and plan capacity upgrades based on data growth projections, so the infrastructure can support the organization's evolving needs.
- Performance Tuning: You will tune configurations and hardware allocation to optimize resource utilization and responsiveness and meet performance objectives.

Qualifications we seek in you!
- Experience in development, integration, testing, and implementation of large-scale analytical data sets in Elastic
- Strong knowledge of and experience with scripting languages such as Python, Bash, and PowerShell
- Able to optimize queries and use data models and summary indexes appropriately so that searches run in the most efficient and cost-effective way
- Proficient in parsing, indexing, and searching concepts such as hot, warm, cold, and frozen data tiers
- Good understanding of log collection methodologies and aggregation techniques such as syslog-ng, Windows Event Forwarding, API-based log collection, etc.
- Good understanding of SIEM architecture, log ingestion, indexing, and parsing
- 2+ years of relevant experience with Elastic technologies
- Working knowledge of cloud technologies such as AWS, Azure, GCP, and OCI is good to have
- Periodically develop and maintain support documentation for technical add-ons
- Help the team analyze, identify, and tune user applications and dashboards for performance
- Ability to communicate effectively with audiences at all levels of the organization
- Superior analytical and problem-solving skills
- Knowledge of IT production operations is desired
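As an added illustration of the parsing-and-pipelines and alerting responsibilities described above (example code written for this page, not Qualys's or Elastic's own), the following Python normalizes a few constructed sshd syslog lines into ECS field names, tags lines that fail the envelope parse instead of dropping them (the way a failed grok is tagged in Logstash), runs a failed-login threshold check of the kind a watcher or detection rule would evaluate server-side, and returns the equivalent Elasticsearch ingest pipeline body for the envelope parse. The sample lines, host and process names, the assumed year (BSD syslog timestamps carry none), and the threshold and window values are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample syslog lines (fabricated for this example; RFC 5737 test addresses).
SAMPLE_LINES = [
    "Jan  6 10:15:01 bastion01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Jan  6 10:15:03 bastion01 sshd[2211]: Failed password for root from 203.0.113.7 port 51123 ssh2",
    "Jan  6 10:15:05 bastion01 sshd[2214]: Failed password for root from 203.0.113.7 port 51124 ssh2",
    "Jan  6 10:15:09 bastion01 sshd[2220]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2",
    "Jan  6 10:15:11 bastion01 sshd[2225]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "Jan  6 10:16:00 bastion01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

# BSD syslog envelope: timestamp, host, process[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# sshd login outcome line
SSH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def to_ecs(line, year=2025):
    """Map one raw syslog line onto ECS field names.

    Lines the envelope pattern cannot parse are kept whole and tagged, as a
    failed grok in Logstash tags the event, so nothing is silently dropped.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return {"message": line, "event": {"kind": "event", "outcome": "unknown"},
                "tags": ["_grokparsefailure"]}
    # BSD syslog carries no year; the caller supplies the assumed year.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    doc = {
        "@timestamp": ts.isoformat(),
        "host": {"name": m["host"]},
        "process": {"name": m["proc"], "pid": int(m["pid"])},
        "message": m["msg"],
        "event": {"kind": "event", "category": ["process"], "type": ["info"], "outcome": "unknown"},
    }
    s = SSH_RE.match(m["msg"]) if m["proc"] == "sshd" else None
    if s:
        ok = s["outcome"] == "Accepted"
        doc["event"] = {
            "kind": "event",
            "category": ["authentication"],
            "type": ["start"] if ok else ["info"],
            "action": "ssh_login",
            "outcome": "success" if ok else "failure",
        }
        doc["user"] = {"name": s["user"]}
        doc["source"] = {"ip": s["ip"], "port": int(s["port"])}
    return doc


def failed_logins_by_source(docs, threshold=3, window_seconds=60):
    """Return {source.ip: max failures inside any window_seconds span} for
    every source that reached the threshold; the same logic a threshold
    rule or watcher evaluates against the index."""
    times = defaultdict(list)
    for d in docs:
        if d.get("event", {}).get("outcome") == "failure" and "source" in d:
            times[d["source"]["ip"]].append(datetime.fromisoformat(d["@timestamp"]))
    alerts = {}
    for ip, stamps in times.items():
        stamps.sort()
        best, lo = 0, 0
        for hi in range(len(stamps)):  # sliding window over sorted timestamps
            while (stamps[hi] - stamps[lo]).total_seconds() > window_seconds:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            alerts[ip] = best
    return alerts


def ingest_pipeline_definition():
    """The envelope parse expressed as an Elasticsearch ingest pipeline body
    (PUT _ingest/pipeline/<name>), for parsing on the ingest node instead."""
    return {
        "description": "BSD syslog envelope to ECS (example)",
        "processors": [
            {"grok": {"field": "message", "patterns": [
                r"%{SYSLOGTIMESTAMP:_tmp.ts} %{SYSLOGHOST:host.name} "
                r"%{DATA:process.name}\[%{POSINT:process.pid:int}\]: %{GREEDYDATA:message}"]}},
            {"date": {"field": "_tmp.ts", "target_field": "@timestamp",
                      "formats": ["MMM  d HH:mm:ss", "MMM d HH:mm:ss"]}},
            {"set": {"field": "event.kind", "value": "event"}},
            {"remove": {"field": "_tmp"}},
        ],
    }


if __name__ == "__main__":
    docs = [to_ecs(line) for line in SAMPLE_LINES]
    print(failed_logins_by_source(docs))
```

The threshold check deliberately counts only documents with event.outcome "failure" and a source.ip, so the unparsed CRON line and the successful publickey login never contribute; when porting this to a watcher, the equivalent is a filter on those two fields ahead of the terms aggregation on source.ip.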