Build and maintain high performing system using Elastic to aggregate logs from many systems into a common schema. Use Elastic Common Schema (ECS) formatted fields, create quality visualizations and alerts that analyst can use for threat detection, maintain infrastructure, and identify problems or anomalous behavior before they become a larger issue and can be actioned on. Work with the teams to determine best practices for deployment and maintenance of system architecture and deploy within designated security requirements.
- Experience with Elastic Stack, Logstash, Elasticsearch, Kibana, and Beats, including installing, configuring, maintaining, upgrading, and troubleshooting these products.
- Experience with Active Directory roles.
- Experience with Customize or Install monitoring known as "Watches".
- Experience building high-quality Kibana visualizations and dashboards.
- Experience with log pipelines and interpreting logs to determine information, including converting raw logs into ECS formatted documents.
- Experience with Logstash plugins, filters, regular expressions, and grok patterns
- Knowledge of cryptography protocols and standards, including TLS, mTLS, hashing algorithms, and Public Key Infrastructure (PKI)
- Experience with Provide Root Cause Analysis (RCA) on escalated issues that are reported via automation.
- Daily review on health and status on the platform
- Experience in any programming language or scripting is must.
- Experience in service now and Alert site integrations with ELK
- Experience working with Docker, Kubernetes, and cloud containerization solutions, such as Elastic Cloud on Kubernetes (ECK), AWS ROSA
- Experience interacting with tools through RDP, web-based UI, SSH, and CLI
- Experience with Jira, Kafka, and Confluence
- Knowledge of Elastic Index Lifecycle Management (ILM)
- Knowledge of Linux or UNIX environments, including navigating and troubleshooting basic OS issues
- Knowledge of networking protocols
- Ability to understand how various systems interact with each other