Your Future Evolves Here
Evolent Health has a bold mission to change the health of the nation by changing the way health care is pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves, and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard, and Evolenteers often make a difference working in everything from scrubs to jeans.
Are we growing? Absolutely, and globally. In 2021 we grew our teams by almost 50 and continue to grow even more. Are we recognized as a company you are supported by for your career and growth, and a great place to work? Definitely. Evolent Health International (Pune, India) has been certified as a Great Place to Work in 2021. In 2020 and 2021, Evolent in the U.S. was both named to the Best Company for Women to Advance list and earned a perfect score on the Human Rights Campaign (HRC) Foundation's Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ workplace equality.
We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you're looking for a place where your work can be personally and professionally rewarding, don't just join a company with a mission. Join a mission with a company behind it.
What You'll Be Doing:
We are seeking a highly skilled and experienced Senior SIEM Engineer with deep expertise in Elastic SIEM to join our cybersecurity team. This is a hands-on role responsible for architecting, deploying, administering, and developing security content and use cases in Elastic SIEM to support threat detection and incident response initiatives. The ideal candidate will have a solid foundation in cybersecurity operations, strong engineering skills, and a passion for developing advanced detection logic and correlation rules in the Elastic Stack.
Lead the design, implementation, tuning, and administration of Elastic SIEM/Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) in enterprise environments.
Work on ECU and license optimization efforts to save costs.
Develop advanced correlation rules, detection logic, dashboards, and visualizations within Elastic SIEM.
Build and maintain custom parsers, log ingestion pipelines, and data enrichment mechanisms using Logstash, Beats, and Elastic Agent.
Engineer and maintain log collection from diverse data sources: firewalls, endpoints, servers, cloud platforms, applications, and network devices.
Integrate Elastic SIEM with threat intelligence feeds and develop use cases for TTP detection aligned with the MITRE ATT&CK framework.
Continuously optimize the performance, scalability, and availability of the SIEM platform.
Collaborate with SOC, Incident Response, and Threat Intel teams to understand requirements and transform them into actionable use cases.
Troubleshoot and resolve ingestion, parsing, and indexing issues.
Support compliance reporting, data retention, and audit requirements (HIPAA, PCI DSS, SOX, NIST, etc.).
Document configurations, use cases, operational runbooks, and architectural changes.
Partner with peers on Elastic SIEM concepts, query development, and best practices.
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field. Master's preferred.
5 years of experience in cybersecurity, with at least 2 years focused on Elastic SIEM/ELK Stack in a hands-on engineering role.
Proficient in EQL, Linux, Logstash filter syntax, YAML, and JSON.
Hands-on experience with Beats (Filebeat, Metricbeat, etc.), Elastic Agent, and Logstash pipelines.
Strong knowledge of information security concepts, attack vectors, and incident response workflows.
Experience in Elastic SIEM integration with SOAR, ticketing tools, cloud platforms (AWS, Azure), and security controls.
Some scripting experience in Python, Bash, or PowerShell for automation and data manipulation.
Excellent problem-solving skills and the ability to work independently or as part of a team.
Elastic Certified Engineer or related certification.
Experience with the Elastic Security App, Fleet, and Endpoint Integration.
Prior experience in building and tuning SIEM solutions in hybrid environments (on-prem and cloud).
Mandatory Requirements:
Employees must have a high-speed broadband internet connection with a minimum speed of 50 Mbps and the ability to set up a wired connection to their home network to ensure effective remote work. These requirements may be updated as needed by the business.
Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.
Required Experience:
Senior IC
Full-Time