Should have at least five years' experience in architecting, designing and developing solutions using the ELK (Elasticsearch, Logstash and Kibana) stack
Should have Information Security knowledge and experience.
Should have a good understanding of security technologies and their functions.
Strong experience in query languages and in writing complex queries with joins and aggregates that deal with large amounts of data.
Experience with Lua or similar scripting systems.
Experience with implementing and using Elastic Stack X-Pack for security, monitoring and auditing.
Good knowledge of ELK security, the SIEM module and Lucene query syntax
Responsibilities and Duties
Write complex grok, json and mutate filters, and correlation rules spanning multiple security systems that log into ELK
Write custom rule sets for security detection and monitoring on the ELK stack
Create Kibana dashboards to visualize data and events that help identify trends and anomalies and to monitor the general health or security status of the environment
Coordinate with external teams to gather requirements