Elastic Search Architect - Lead

Elastic Search Architect - Lead


Duration: 6 Month Contract


Location: Baltimore is ideal - Hybrid model. If they can't find someone in Baltimore they will look at 100% Remote candidates.


OMF-REQ-0003064


Start Date 1/1/2025
End Date 6/30/2025
Work Location: Baltimore MD Management Office (100 International Dr, Legg Mason Tower - Flrs 15-16, Baltimore, MD 21202)

Job Title: Elastic Search Architect - Lead


Cybersecurity Tech, a team within OneMain's Technology department, is a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. Within the Cybersecurity Tech team, you will be conducting meaningful work and making a difference in the lives of OneMain's customers and team members by promoting a cybersecurity culture, optimizing cybersecurity capabilities, protecting data, and developing cyber resilient programs.


Job Summary: We are seeking an experienced Elastic Search Architect to lead the deployment and management of our new SIEM instance in AWS. The ideal candidate will possess extensive experience in enterprise-level Elastic Search cluster setups, AWS cloud environments, and a deep understanding of SIEM architecture. This role requires expertise in data ingestion, AI assistance integration, and the ability to support stakeholders effectively. The candidate should have a proactive approach, demonstrate problem-solving skills, and be capable of prioritizing and delivering critical tasks efficiently.


Key Responsibilities:

• Elastic Search Setup and Maintenance : Design, deploy, and maintain Elastic Search clusters according to enterprise standards in AWS environments. Utilize AWS CLI and commands for optimal cloud resource management.
• Data Ingestion and Integration : Develop strategies to onboard data into Elastic using Elastic agents, Logstash, or custom APIs. Provide custom data onboarding solutions when standard methods do not suffice. Work independently with application teams to ensure data is onboarded in a standardized way that will not cause issues in the future.
• AI Integration : Implement AI-powered capabilities in Elastic to enhance anomaly detection, predictive analytics, and automated alerting. Develop search and security solutions using ElasticSearch, including adding data and leveraging AI tools for search, vectorization, and visualization. Utilize ElasticSearch's API, web crawler connectors, and language clients for advanced data processing.
• Proactive Stakeholder Support : Collaborate closely with stakeholders to resolve any issues related to the Elastic platform. Proactively identify improvements and stay ahead of critical tasks, ensuring seamless operations.
• Documentation and Compliance : Document architecture, data sources, configurations, and integration processes. Maintain clear records of activities, ensuring compliance with industry standards.
• Elastic Roles Management : Regularly review and manage user roles within Elastic, ensuring access levels are appropriate and secure. Lead clean-up initiatives to restrict unnecessary admin privileges.
• Syslog Setup : Design and implement solutions, including setting up Syslog servers to obfuscate PII data before indexing it into Elastic.
• Automation : Create robust automation scripts to streamline processes and automate Elastic Search cluster management. Experience with GitHub deployment processes to automate CI/CD pipelines.
• Custom Development : Develop and deploy APIs for efficient data onboarding and adapt out-of-the-box solutions to meet complex business needs. Leverage tools like Docker and OpenShift to host Elastic Agents for seamless integrations.
• Gap Analysis and Optimization : Perform ongoing gap analysis for SIEM detections and logging capabilities, fine-tuning and optimizing their performance for improved efficiency.
• Cross-Tool Management : Learn and manage additional tools such as Devo and Key Caliber if no prior experience. Work with these tools to create a seamless SIEM environment.
• Collaborate and Mentor : Build and maintain strong working relationships with IT engineering, security, and other stakeholders. Mentor junior engineers and work closely with external vendors to troubleshoot and resolve issues.
• Incident Handling and Alerts : Assist in developing alerting mechanisms based on tactics, techniques, and procedures (TTPs) associated with cyber threats.
• Cluster Design and Architecture : Design Elastic Search clusters for scalability, high availability, redundancy, and data partitioning. Choose appropriate node types, configure shard allocations, and design indexing strategies for optimal performance.
• Cluster Maintenance and Performance Optimization : Monitor the Elastic cluster using tools like Kibana and Grafana. Conduct capacity planning, shard rebalancing, and performance tuning to ensure optimal performance.
• Incident Handling and Troubleshooting : Troubleshoot and diagnose cluster issues, including master node failures, split-brain scenarios, and indexing performance bottlenecks. Set up alerting mechanisms to detect and mitigate potential issues.

Required Skills and Experience:

• Elastic Search Expertise : Minimum 5-10 years of experience setting up and maintaining Elastic Search clusters at an enterprise level.
• AWS Cloud Experience : Strong experience working in AWS environments, with proficiency in AWS CLI, EC2, IAM, and related AWS services.
• SIEM and Security Experience : At least 2-3 years of experience working in IT Security, with exposure to Security Information and Event Management (SIEM)
• Data Onboarding and Custom API Development : Proven experience in custom API development, Elastic agent and Logstash onboarding, and overcoming data ingestion challenges.
• Scripting Skills : Proficiency in Python, PowerShell, Bash, or other scripting languages to automate tasks and streamline operations.
• Syslog Management : Experience setting up and maintaining syslog servers, with the ability to obfuscate sensitive data before ingestion.
• Observability Tools : Familiarity with Docker and OpenShift, particularly in the context of monitoring and logging.
• Problem Solving and Out-of-the-Box Thinking : Ability to develop workarounds and custom solutions for non-standard use cases without relying on immediate out-of-the-box solutions.
• Documentation Skills : Demonstrated ability to maintain detailed and organized documentation of configurations, processes, and incidents.
• Stakeholder Engagement : Ability to work closely with IT teams, business stakeholders, and vendors to ensure effective communication, efficient troubleshooting, and the delivery of quality results.
• Proactive and Adaptable : A proactive mindset with a strong ability to prioritize tasks, stay ahead of potential issues, and respond quickly to urgent requests.

Preferred Skills:

• Bachelor's degree in information technology , Cybersecurity, or a related field.
• Experience integrating applications such as CrowdStrike, Azure, GitHub, Filebeat, etc., with Elastic.
• Familiarity with Azure and other SIEM platforms.
• Experience with SOAR platforms and authoring security runbooks.
• Strong understanding of cyber threat tactics, techniques, and procedures.
• Ability to create visualizations and reports to generate actionable insights using Elastic Stack and other internal tools.

Why Join Us?

• Be at the forefront of SIEM and cybersecurity technology by working on a state-of-the-art Elastic Search deployment.
• Collaborate with cross-functional teams, industry experts, and gain exposure to advanced observability and security automation tools.
• Contribute to a culture that values proactive problem-solving, learning, and continuous improvement.

ADDITIONAL INFORMATION

• • Position Type : If the right candidate is not available closer to the Baltimore MD location, remote work is acceptable.
  • If Hybrid : For hybrid arrangements, 40% onsite weekly is required.
  • Top Skills :
    1. Security Information Event Management platform - Elastic Search Cluster (Design/Configure/Maintain)
    2. AWS Cloud Experience
    3. Data source onboarding, integrations, and custom API development
    4. Syslog server (rsyslog) setup experience
  • Extension or Conversion to FTE : Not applicable at this moment.