TC-CS-Cyber Detection and Response-SIEM Elastic-Senior
Job description
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Job Description for Elastic SIEM Consultant:
Key Capabilities:
- Should have experience in end-to-end design, deployment, management, and optimization of the Elastic SIEM solution
- Previous experience in the administration and management of SIEM-related activities using Elastic SIEM, as well as other SIEM solutions such as Sentinel, Splunk, or QRadar.
- Develop and optimize detection rules, queries, and alerts within Elastic SIEM to enhance threat detection, covering multi-cloud, hybrid, and serverless environments.
- Design efficient and secure log ingestion pipelines across various platforms, including serverless architectures and primary cloud services. This includes configuring log parsing, enrichment, and normalization, as well as ingesting logs using Logstash.
- Create and refine custom Kibana dashboards, visualizations, and reports, enabling real-time insights into security events, trends, and incident response metrics tailored for diverse infrastructure environments.
- Integrate Elastic SIEM with other security tools and external data sources. Develop API-based automation workflows and scripts to streamline operations and enhance threat intelligence capabilities.
- Work closely with cross-functional teams—security analysts, network engineers, and system administrators—to support incident response and enhance situational awareness across environments.
- Mentor junior team members and provide knowledge transfer sessions on Elastic SIEM configuration, optimization, and troubleshooting, ensuring team readiness and resilience.
- Support presales initiatives such as answering RFPs, client presentations, and demos.
- Be able to lead a team on SIEM deployment/migration activities when required.
Qualification & Experience:
- 5-7 years of experience in Cyber Security
- 4-5 years of proven experience in designing, implementing, and managing Elastic SIEM solutions
- Familiarity with security frameworks, compliance standards, and regulatory requirements, with the ability to align SIEM operations to these standards
- Strong expertise in Elasticsearch, Kibana, Beats, Logstash, and other Elastic Stack components, with proficiency in scripting (e.g., Python, JS, PowerShell) for automation and customizations.
- Good business acumen to understand client requirements and build strong relationships.
- Strong oral, written, and listening skills are an essential component of effective consulting.
- Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., Elastic Certified Engineer, CompTIA Security+) are preferred.
Ideally, you should also be:
- Willing to work from the ODC 5 days a week in rotational shifts.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.