Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics
Design and develop custom data ingestion pipelines using Elasticsearch
Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection
Manage AWS infrastructure (EC2, S3, IAM, and Secrets Manager) using AWS CloudFormation
Implement data lifecycle management: hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes
Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana
Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest