Sr. Security Engineer - SIEM, Automation & Elastic Security

Overview

SUMMARY

Serve as a senior member of the Cybersecurity Engineering team responsible for designing, implementing, and optimizing enterprise security monitoring and automation capabilities. Led the architecture and operational maturity of the organization's SIEM platform with a focus on Elasticsearch and security automation to improve threat detection, incident response, and visibility across enterprise infrastructure. Partnered with product, platform, DevOps, and security teams to integrate security telemetry, automate workflows, and strengthen the organization's overall cybersecurity posture.

ESSENTIAL/PRIMARY DUTIES, FUNCTIONS, AND RESPONSIBILITIES

• Design, implement, and maintain enterprise SIEM infrastructure, including Elasticsearch clusters, log pipelines, indexing strategies, and data ingestion from cloud, network, endpoint, and application sources.
• Develop and maintain SIEM detection content, including correlation rules, dashboards, threat detection use cases, and alerting frameworks to improve security monitoring and incident detection.
• Lead the Elasticsearch roadmap and platform strategy, ensuring scalability, high availability, performance optimization, and alignment with enterprise security initiatives.
• Built security automation workflows and scripts to streamline incident response, threat hunting, log enrichment, and security operations processes.
• Integrate SIEM/SOAR capabilities with security technologies including EDR, threat intelligence platforms, vulnerability scanners, identity systems, and network security tools to create a unified security monitoring ecosystem.
• Tune and optimized detection logic and log pipelines to reduce false positives and improve signal-to-noise ratio across security monitoring platforms.
• Collaborate with SOC analysts and incident response teams to investigate alerts, conduct forensic analysis, and identify root causes of security incidents.
• Ingest and operationalized threat intelligence feeds to enhance detection capabilities and proactively identify emerging threats.
• Implement monitoring and alerting frameworks to ensure health, performance, and availability of SIEM and Elasticsearch infrastructure.

• Analyze network, system, and application logs to identify security incidents, anomalies, and threat activity trends.
• Partner with cross-functional IT teams to integrate security telemetry from cloud platforms (Azure/AWS), Linux and Windows servers, networking systems, and enterprise applications.
• Develop automation workflows for operational security tasks, including vulnerability management, patch validation, and configuration monitoring.
• Support incident response planning and execution, leveraging SIEM analytics and automation to accelerate investigation and containment.
• Generate security metrics and reporting on incident trends, detection effectiveness, and operational KPIs for leadership and governance reporting.
• Assist with cybersecurity audits, vulnerability assessments, and penetration test remediation efforts.
• Contribute to the development and improvement of security architecture standards, policies, and governance frameworks.
• Evaluate emerging security technologies and recommend improvements to security monitoring, automation, and detection capabilities.
• Provide mentorship and guidance to junior security engineers and analysts while promoting security engineering best practices across teams.

JOB REQUIREMENTS (SKILLS & EXPERIENCE)

EDUCATION AND BUSINESS EXPERIENCE:

• Bachelor's degree (B.A. or B.S.) in computer science, cybersecurity or a related field from a four-year college or university
• At least 5 years of experience in cybersecurity, especially in a security engineering role.
• Three or more years of progressive technology management experience in cross-functional teams
• Strong familiarity with project and program management disciplines, methodologies, and processes
• Familiarity with the functioning of a program management office and governance frameworks
• Hands on experience with cross-functional execution
• Hospitality industry product development experience is a plus

TECHNICAL EXPERIENCE:

• SIEM Platforms: Elastic Stack (Elasticsearch, Logstash, Kibana), Azure Sentinel
• Automation & Scripting: Python, PowerShell, Bash, Ansible
• Security Technologies: EDR, CASB, SASE, SWG, ZTNA, DLP, IAM, PAM/PIM, WAF, IDS/IPS
• Infrastructure: Linux, Windows Server, Cloud (Azure/AWS/GCP), network security devices
• Logging & Data Processing: Syslog, log parsing, regex/grok pipelines, data normalization
• Security Domains: Threat detection, incident response, threat intelligence integration, log analytics, security automation

KNOWLEDGE, SKILLS, AND ABILITIES:

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Strong problem-solving and trouble-shooting skills.
• Deep understanding of current and emerging cybersecurity technologies and how other enterprises are employing them to drive digital business, and how they may be applied to drive digital business.
• Strong customer service orientation in combination with persuasive skills and diplomacy to lead change and guide decisions.
• Highly self-motivated and directed.
• Team oriented and skilled in working within a collaborative environment
• Ability to appropriately prioritize and execute tasks in a fast-paced, service-intensive environment.
• Effective oral and written communication skills, including the ability to explain digital concepts and technologies to business leaders, as well as business concepts to technologists.
• Ability to effectively interact with all levels of management, from individual contributors to the executive team.

CERTIFICATIONS AND/OR LICENSES:

• Certified information systems security professional (CISSP) desired but not required.
• Additional certifications such as GIAC, CEH, or SIEM platform certifications are beneficial.

WORK ENVIRONMENT AND PHYSICAL DEMANDS:

• Ability to stand, bend, stoop, sit, walk, twist, and turn.
• Ability to lift up to 25 pounds occasionally.
• Ability to use a computer keyboard and calculator.