ELK Senior Developer

Requirement:

• Location: Dubai WFO
• Notice: Immediate/Serving notice (10 days)
• Skill: Senior ELK Developer
• Experience Range: 7+ years

We are a financial organization with a focus on high threat who demand experience and proven security models to protect data. We are seeking an experienced Elasticsearch (Elastic/ELK/ECE) Engineer to join our team, candidate will be focused on the day-to-day operations and improvement of the ELK cluster utilized as the SIEM function. This is a unique opportunity to shape the growth, development, and culture of an exciting and emerging company.

Candidate will be responsible for developing and administrating

SEIM logs, Application logs and APM logs from day-to-day basis. This should also include an development, integrations, upgradations and enhancements with the current system. Candidate should have worked as a developer on the Elastic 8.13.x with hands on ELK development experience and administration. Should have worked on core Elastic, Logstash and Kibana.

• Good understanding ILM (index lifecycle management)

• Need for an Elastic Architect - particularly concerning ELK node roles. Support for issues, including a weekly support roster.

• Three main categories are

a) onboarding application logs (requiring parsing at the Logstash or Elasticsearch engine level)

b) microservices (specifically data retrieval from containerized environments),

c) SOC requirements (handling logs from various security tools like G Scalar, Windows, Sorted Beat, Palo Alto, Checkpoint, and Firewall).

Pointers:

• Development and administration resources, with 70% for development and 30% for administration,

• AI capabilities, particularly knowledge of Lama and local LLMs, are Nice to have.

• The deployment environment is primarily on-premises for production, with AWS cloud used for non-production environments.

• Elasticsearch version 8.13 is mentioned, but any version above 8 is acceptable, with a move towards 9.3. (In Planning Phase)

• Security integration uses Elastic SIEM, not Splunk or QRadar. APM monitoring is transitioning to ADD, so it's not a primary focus.

• Currently, there are no third-party integrations in scope.

Note: Looking for immediate to 10 days’ Notice period candidates only

Interested candidates please share your CV to [email protected] with below details:

Total Exp:

Relevant Exp in ELK:

Relevant Experience in On-premises:

Relevant Experience in BFSI Domain :

Any Certification (Name please):

Current CTC:

Expected CTC:

Current location:

Notice period:

Highest Education:

Nationality: