Elastic Engineer

Responsibilities Implements security monitoring and documents standard operations procedures for the Incident Management Team. Implements security monitoring rules, reports and dashboard while maintaining best practices to ensure maximum security tool efficiency. Monitors security systems, analyzes events and investigates security-related incidents. Creates Threat Hunting models for Endpoints and Network Traffic. Analyzes endpoint including logging, EDR, IPS and DLP tools. Analyzes network monitoring including IPS, WAF, PCAP and Netflow tools. Focuses on critical systems within Vanguard’s network to detect, respond and handle incidents related to unauthorized activity, malware, and APTs Keeps management within the department informed by communicating progress, issues, concerns and opportunities. Assesses and immediately notifies the manager of any potential information security breach and security issues that may have a negative impact on business operations. Identifies opportunities to improve the quality, efficiency and effectiveness of the department as well as the processes that affect the divisions and the enterprise. Maintains an awareness of the department's dashboard and provides suggestions to improve performance. Identifies Tactical Intelligence relevant to Vanguard systems. Works with Incident Management and Threat management to follow incident response procedures to ensure proper detection, mitigation controls. Escalates internal threat issues to the Insider Threat Team. Participates in special projects and performs other duties as assigned. Qualifications Experience creating security monitoring within a SIEM. Experience creating alerts, dashboards and pipelines in Elastic Demonstrated initiative and ability to work independently with attention to detail. Demonstrated ability to be flexible and exercise good judgment. Demonstrated strong organization and time management skills.   Excellent multitasking and time management skills. Experience analyzing endpoint logging, detection, response and forensic tools. Working knowledge of AWS, Azure or GCP