Pacific Consultancy Services is seeking a highly experienced Cybersecurity professional with deep expertise in Elastic SIEM and security analytics. The role involves designing, implementing, and managing Elastic-based security monitoring solutions, leading threat detection initiatives, and supporting incident response and SOC operations across enterprise environments.
Responsibilities:
- Design, deploy, and manage Elastic Stack (Elasticsearch, Logstash, Kibana, Beats / Elastic Agent)
- Implement and maintain Elastic Security (SIEM & EDR) solutions
- Develop, tune, and optimize detection rules, alerts, and dashboards
- Map detections to the MITRE ATT&CK framework
- Perform log onboarding for security devices, servers, endpoints, and cloud platforms
- Monitor and analyze security events to identify threats, anomalies, and intrusions
- Lead incident investigations, root cause analysis, and forensic activities
- Support SOC teams with advanced threat hunting using Elastic
- Reduce false positives and improve detection accuracy
- Build and optimize log ingestion pipelines using Logstash and Ingest Pipelines
- Normalize and enrich security data from multiple sources
- Ensure scalability, performance tuning, and index lifecycle management (ILM)
- Integrate Elastic with AWS / Azure / GCP security logs
- Monitor Kubernetes, containers, and cloud-native workloads
- Implement and manage Elastic Endpoint Security (EDR)
- Act as technical lead for Elastic SIEM initiatives
- Mentor junior analysts and engineers
- Work closely with SOC, IR, DevOps, and compliance teams
- Support audits, risk assessments, and compliance requirements
Requirements:
- 10–12 years of overall experience in Cybersecurity / Information Security
- 5–6 years of hands-on experience with Elastic Stack (ELK / Elastic Security)
- Monitoring and investigation experience is required
- Strong expertise in Elastic Stack (ELK) and Elastic Security
- Experience with SIEM, SOC operations, and threat hunting
- Proficiency in Linux, networking, TCP/IP, DNS, HTTP
- Scripting skills (Python, Bash, or similar)
- Experience with REST APIs and JSON
- Strong understanding of attack vectors, malware, and adversary tactics
- Incident response & digital forensics
- Threat intelligence and use case development
- MITRE ATT&CK, kill chain, IOC management
- Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS – preferred)
- Elastic Certified Engineer / Analyst
- Experience with Splunk, QRadar, or other SIEMs
- Cloud security certifications (AWS/Azure/GCP)
- CISSP, GCIA, GCIH, or similar certifications