Elastic SIEM Alerting, Detections & Machine Learning Specialist Needed
Upwork

Remote
About
Summary: We are looking for an advanced Elastic SIEM Engineer with deep expertise in security alerting, detection rules, Elastic Security dashboards, Watcher automation, and ML-based anomaly detection. This contract engagement focuses on strengthening and modernizing our SIEM alerting framework to improve threat visibility, reduce false positives, and enhance overall detection quality.

Project Scope: You will be responsible for:
- Reviewing, improving, and optimizing SIEM alerting within Elastic Security
- Setting up and fine-tuning ML-driven anomaly detection jobs for threat behaviors
- Creating, enhancing, and automating Watchers for SOC use cases
- Building or refining security dashboards for real-time threat visibility
- Ensuring alerts are accurate, meaningful, and integrated end-to-end across the SIEM workflow
- Reducing noise and improving detection efficacy (correlation, threshold, indicator rules, etc.)
- Providing knowledge transfer to SOC analysts and the security operations team

Requirements:
- Proven hands-on experience with Elastic Security / SIEM, Elasticsearch, and Kibana
- Strong background in SIEM alerting, detection engineering, Watchers, and rule automation
- Experience working with Elastic ML jobs, anomaly detection, behavior analytics, or UEBA-style workflows
- Understanding of SOC processes, threat detection models, and incident response workflows
- Ability to present technical concepts clearly to analysts and non-technical stakeholders
- Previous experience training SOC staff is beneficial
- Exposure to security frameworks (MITRE ATT&CK, NIST, etc.) is a plus

Engagement Details:
- Contract-based role
- Fully Remote (locations: USA/Canada)
- Immediate or flexible start
- Ideal for experts with real-world SIEM and alerting implementation experience

Please share:
- A short summary of your SIEM / Elastic Security experience
- Examples of SIEM detections, alerting workflows, Watchers, or ML-based use cases you have built