Elastic SIEM Admins
13 hours ago
Location: Los Angeles, CA
Mode: Fulltime
Role Purpose: The Elastic SIEM Admins are responsible for the administration, configuration, and management of the Elastic SIEM platform to ensure the security, performance, and integrity of the organization's security monitoring and incident response capabilities.
Role Responsibilities:
System Configuration: Configure and maintain the Elastic SIEM platform, including settings related to data collection, retention, indexing, and storage.
Data Source Management: Manage the configuration of data sources, such as logs, network traffic, and security appliances, ensuring accurate and efficient data collection.
User and Role Management: Create, manage, and modify user accounts and roles within the SIEM platform, adhering to the principle of least privilege.
Access Control: Define and enforce role-based access control (RBAC) policies to ensure that users have appropriate access levels based on their job functions.
Security Rules: Create and manage security detection rules, anomaly detection settings, and threat intelligence integrations to enhance threat detection capabilities.
Alerting and Incident Response: Configure alerting rules and notifications to promptly inform security teams about potential threats or security incidents.
Data Visualization: Design and manage custom dashboards and visualizations to provide meaningful insights into security data and incidents.
Integration and Automation: Integrate the SIEM platform with other security tools, systems, and workflows to streamline incident response processes.
Platform Upgrades and Maintenance: Plan and execute upgrades, patches, and maintenance tasks to keep the SIEM environment up to date and secure.
Performance Optimization: Monitor the performance and health of the SIEM platform, addressing any performance issues and optimizing resource utilization.
Documentation: Maintain documentation related to the SIEM environment, including configurations, procedures, and best practices.
Access Level: Elastic SIEM Admins have full administrative access to the Elastic SIEM platform, allowing them to configure, manage, and maintain all aspects of the system.
-
Security Architect
9 hours ago
Los Angeles, United States | Bio-Rad Laboratories | Full time. We are currently seeking a SOC and Incident response consultant to join our Global Information Security Team! We are looking for a candidate who is passionate about security, a self-starter and thrives in a collaborative environment. The ideal candidate will have a bachelor's degree in Computer Science or closely related subject; an advanced degree is...
-
Security Architect
2 months ago
Los Angeles, United States | Bio-Rad Laboratories | Full time. We are currently seeking a SOC and Incident response consultant to join our Global Information Security Team! We are looking for a candidate who is passionate about security, a self-starter and thrives in a collaborative environment. The ideal candidate will have a bachelor's degree in Computer Science or closely related subject; an advanced degree is...
-
Senior Security Operations Center
1 week ago
Los Angeles, CA, United States | Deloitte | Full time. Position Summary: The Senior SOC Analyst team member is responsible for the analysis of all technology devices, which may include Operational Technology (OT) and Industrial Control Systems (ICS), within the enterprise. This includes analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of...