Role overview:
We are looking for a technically strong Security Engineer to join our Managed Security Services team and take ownership of an Elastic Security SIEM deployment running on self-managed infrastructure. You will be responsible for the full operational lifecycle of the platform: onboarding new log sources and building ingest pipelines, writing detection rules, managing Elastic Agents, and maintaining platform health.
Key Responsibilities:
Log Source Onboarding & Ingest Pipeline Development
- Design and build ECS-compliant ingest pipelines for new log sources using Elasticsearch ingest processors
- Collect raw log samples, perform ECS field mapping, and build index templates and component templates
- Configure and manage data enrichment using Elasticsearch enrich policies — asset, user, and business context enrichment
- Work across multiple integration paths: Elastic Agent, Logstash, and Kafka-delivered log streams
- Validate pipeline output using the Simulate API and perform data quality checks before production deployment
- Document all integrations with technical runbooks and client-facing integration summaries
Detection Rule Creation & Tuning
- Write and maintain detection rules across all rule types: Custom Query (KQL), EQL, ES|QL, Threshold, New Terms, Indicator Match, and ML-based rules
- Map all detection rules to MITRE ATT&CK framework techniques with accurate severity, risk scoring, and metadata
- Tune existing rules to reduce false positives using exception lists and targeted exception conditions
- Convert public SIGMA rules to Elastic format and validate against test data before production deployment
- Monitor rule execution health, identify gap periods, and maintain rule coverage
Elastic Agent & Fleet Management
- Manage Fleet policies for endpoint and server agents across Linux, Windows, and network device log sources
- Handle agent enrollment, integration configuration, policy updates, and staged agent upgrades
- Diagnose and resolve agent connectivity issues using diagnostic bundles and on-endpoint log analysis
- Design and implement agent policies that combine multiple integrations for different host types
Platform Health Monitoring & Reporting
- Execute daily platform health checks covering cluster status, node health, ingest throughput, ILM states, snapshot health, and Fleet agent connectivity
- Monitor Stack Monitoring dashboards for JVM heap pressure, GC activity, disk watermarks, and thread pool saturation
- Identify and escalate degraded platform states to the senior engineering tier with appropriate diagnostic context
- Contribute to weekly and monthly client operational reports including alert statistics, platform health summaries, and SLA metrics
Data Transforms & Summarization
- Build and maintain Elasticsearch transforms for data summarization, rollup indices, and derived security datasets
- Monitor transform health, handle checkpoint failures, and manage transform scheduling
Documentation & Collaboration
- Maintain integration inventory, runbooks, known issue logs, and change logs as living documents
- Write clear change notes for all production modifications and follow the team's change management process
- Participate in shift handovers, incident retrospectives, and weekly team knowledge share sessions
Qualification/Requirements:
- 2–5 years of experience in IT infrastructure, security engineering, or security operations
- Demonstrable hands-on experience with at least one of: Elasticsearch / Elastic Stack, a SIEM platform, or enterprise log management infrastructure
- Strong understanding of networking fundamentals — TCP/IP, DNS, TLS, ports and protocols
- Experience working in a managed service, MSP, or MSSP environment is strongly preferred
- Ability to read and interpret raw log formats across multiple source types
Pay: ₹600,000.00 - ₹700,000.00 per year
Benefits:
- Paid sick time
- Provident Fund
Application Question(s):
- How many years of hands-on experience do you have with Elasticsearch / Elastic Stack / SIEM platforms?
- Do you have hands-on experience onboarding log sources and building ingest pipelines in Elastic Stack?
- Do you have experience writing or tuning detection rules (KQL, EQL, ES|QL, Sigma, etc.)?
- Have you worked with Elastic Agents / Fleet Management?
- How comfortable are you with networking fundamentals (TCP/IP, DNS, TLS, Ports & Protocols)?
- Are you comfortable working from Mumbai?
- What is your current CTC?
- What is your expected CTC?
- What is your notice period?
Work Location: In person