Elastic Enterprise Security Administrator

Job Description

  • Pune

Job Description

As an Elastic Enterprise Security Administrator, you will hold a pivotal position within our SIEM Engineering & Administration team. Your primary responsibility will be to fortify the security infrastructure of Qualys by meticulously managing and optimizing the Elastic Stack environment, including the Elasticsearch, Kibana, Beats, and Logstash components. Your expertise will be instrumental in ensuring the confidentiality, integrity, and availability of our critical data.

Responsibilities:

Elastic Stack Administration: 

  • Design, Deploy, and Maintain: You will be responsible for the complete lifecycle of Elastic Stack components, including Elasticsearch, Kibana, Beats, and Logstash. This involves designing the architecture, deploying the stack, and ensuring its ongoing maintenance and stability.
  • Optimization for Performance and Scalability: It will be your duty to fine-tune the Elastic Stack clusters to ensure optimal performance, scalability, and availability. This includes configuring settings, adjusting resource allocation, and implementing best practices for cluster management.

Security Configuration and Hardening:

  • Authentication and Authorization: You will implement robust security features such as authentication and authorization mechanisms to control access to the Elastic Stack. This involves setting up user accounts, roles, and permissions, as well as integrating with existing authentication systems if applicable.
  • Encryption and Secure Communication: You'll ensure that data in transit is encrypted using SSL/TLS protocols. This safeguards sensitive information from interception or tampering during communication between Elastic Stack components.

Incident Detection and Response:

  • Alerting and Monitoring Configuration: You will set up and configure alerting mechanisms to promptly detect security incidents and anomalies. This involves defining thresholds, creating watchers, and integrating with notification systems for immediate response.
  • Incident Response Coordination: In the event of a security incident, you will work closely with the Qualys Security Operations Center (SOC) on response efforts, and help create custom dashboards and alerts to assist the ongoing investigation.

Continuous Monitoring and Threat Hunting:

  • Real-time Visibility: You'll implement advanced monitoring solutions to provide real-time visibility into the health and security posture of the Elastic Stack environment. This ensures that any unusual activity or potential threats are detected promptly.
  • Proactive Threat Hunting: As part of a proactive security strategy, you'll conduct threat hunting exercises. This involves actively searching for signs of potential security threats within the environment, even before they trigger alerts.

Patch Management and Upgrades:

  • Stay Current with Releases: You'll stay up-to-date with the latest Elastic Stack releases, applying security patches and updates in a controlled and tested environment. This ensures that known vulnerabilities are promptly addressed.
  • Version Upgrades: You'll plan and execute version upgrades of Elastic Stack components, carefully managing the process to minimize disruption to ongoing operations.

Compliance and Audit Support:

  • Adherence to Compliance Standards: You'll be responsible for ensuring that Elastic Stack configurations align with relevant industry compliance standards and internal policies. This ensures that the organization meets regulatory requirements.
  • Documentation and Evidence Preparation: You'll assist in preparing comprehensive documentation and evidence for regulatory compliance audits. This includes providing detailed information on configurations, access controls, and security measures.

Capacity Planning and Performance Optimization:

  • Resource Utilization Monitoring: You'll monitor resource utilization within the Elastic Stack environment and plan for capacity upgrades based on data growth projections. This ensures that the infrastructure can support the organization's evolving needs.
  • Performance Tuning: You'll conduct performance tuning to optimize resource utilization and responsiveness. This involves fine-tuning configurations, adjusting hardware allocation, and making adjustments to meet performance objectives.

Collaboration and Knowledge Sharing:

  • Alignment with Security Policies: You'll work closely with IT and security teams to align Elastic Stack configurations with organizational security policies and initiatives. This includes ensuring that security measures are consistent with broader company objectives.
  • Mentorship and Training: You'll share your expertise through workshops, training sessions, and mentorship of team members. This helps to build the collective knowledge and capability of the Qualys Security Operations Center.

Qualifications we seek in you!

  • Experience in the design, development, integration, testing, and implementation of large-scale analytical data sets in Elastic
  • Proficient in parsing, indexing, and searching concepts, including hot, warm, cold, and frozen data tiers
  • Good understanding of log collection methodologies and aggregation techniques such as syslog-ng, Windows Event Forwarding, API-based log collection, etc.
  • Good understanding of SIEM architecture, log ingestion, indexing, parsing
  • 2+ years of relevant experience with Elastic technologies
  • Working knowledge of cloud technologies such as AWS, Azure, GCP, OCI
  • Periodically develop and maintain support documentation for technical add-ons
  • Able to optimize queries and use data models and summary indexes appropriately, so that searches run in the most efficient and cost-effective way
  • Help the team with analyzing, identifying, and tuning user applications/dashboards for performance
  • Strong knowledge of and experience with scripting languages such as Python, Bash, and PowerShell
  • Ability to communicate effectively with audiences at all levels of the organization
  • Superior analytical and problem-solving skills
  • Knowledge of IT production operations is desired

Certifications (Preferred):

  • Elastic Certified Engineer (ECE) or equivalent.
  • Relevant industry certifications in information security or systems administration.

Skills

  • AWS
  • Azure
  • Python
  • Bash
  • Analytical Skills
  • Elastic
  • SIEM

Education

  • Master's Degree
  • Bachelor's Degree

Job Information

Job Posted Date

Mar 05, 2024

Experience

2 to 6 Years

Compensation (Annual in Lacs)

Best in the Industry

Work Type

Permanent

Type Of Work

8 hour shift

Category

Information Technology

Copyright © 2022 All Rights Reserved. Saas Talent