Job Title: Elastic Stack Consultant – Security & Observability
Location: Birmingham & London, UK (Hybrid)
🔍 Job Overview:
We are seeking a highly skilled Elastic Stack Consultant – Security & Observability to architect, implement, and optimize end-to-end Elastic Stack deployments. This hybrid role combines Elastic SIEM for security detection and Elastic APM for performance monitoring. You will work closely with SOC teams, SREs, DevOps engineers, and security stakeholders to design detection rules, dashboards, alerting mechanisms, and pipeline integrations using the Elastic ecosystem.
🎯 Key Responsibilities:
🔐 Security (SIEM & Detection Engineering)
* Design and tune detection rules using EQL, Rule DSL, and Sigma mappings.
* Configure Elastic Security integrations with endpoint agents, EDR, and threat intel feeds.
* Conduct threat hunting and investigative queries across log, network, and endpoint data.
* Automate alert triage and enrichment using Ingest Pipelines and ML anomaly jobs.
* Integrate with ITSM tools (e.g., Jira, ServiceNow) and manage alert workflows.
📈 Observability (APM & Monitoring)
* Deploy and configure Elastic APM agents (.NET, Java, Python, Node.js).
* Build dashboards, service maps, flame graphs, and transaction monitoring views.
* Configure Metricbeat, Heartbeat, and Filebeat for uptime and health monitoring.
* Optimize ILM policies, shard sizing, and index rollover for scale and cost-efficiency.
* Integrate with observability tools like OpenTelemetry and Prometheus.
🛠️ Key Skills & Technologies:
* Elastic Stack (Elasticsearch, Kibana, Logstash, Beats, Elastic Agent)
* Detection & Response: EQL, DSL, MITRE ATT&CK, IOC/IOA analysis
* Observability: Elastic APM, Metrics, Logs, Distributed Tracing
* Dashboards: Kibana, Canvas, Lens
* Ingest Pipelines: Grok, Dissect, Script, CSV, GeoIP
* Logstash & Beats (Filebeat, Metricbeat, Auditbeat, Winlogbeat)
* Security Integration: STIX/TAXII, SIEM connectors
* Scripting: Python, Shell, Bash, Painless
* Container Platforms: Docker, Kubernetes (Nice to have)
* Tools: ServiceNow, Jira, Slack, PagerDuty
🤝 Ideal Candidate Will Have:
* Minimum 5 years of experience in Elastic Stack deployment and optimization.
* Experience in both cybersecurity (SIEM) and performance monitoring (APM).
* Strong understanding of ECS-compliant event mapping and normalization.
* Ability to collaborate across DevOps, Security, and Engineering teams.