Sr SIEM Engineer
Pune, India
- Remote-first
Your Future Evolves Here
Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered. Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a difference working in everything from scrubs to jeans.
Are we growing? Absolutely, and globally. In 2021 we grew our teams by almost 50% and continue to grow even more in 2022. Are we recognized as a company that supports your career and growth, and as a great place to work? Definitely. Evolent Health International (Pune, India) was certified as a “Great Place to Work” in 2021. In 2020 and 2021, Evolent in the U.S. was both named to the Best Company for Women to Advance list by Parity.org and earned a perfect score on the Human Rights Campaign (HRC) Foundation’s Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality.
We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you’re looking for a place where your work can be personally and professionally rewarding, don’t just join a company with a mission. Join a mission with a company behind it.
What You’ll Be Doing:
Position Summary:
We are seeking a highly skilled and experienced Senior SIEM Engineer with deep expertise in Elastic SIEM to join our cybersecurity team. This is a hands-on role responsible for architecting, deploying, administering, and developing security content and use cases in Elastic SIEM to support threat detection and incident response initiatives. The ideal candidate will have a solid foundation in cybersecurity operations, strong engineering skills, and a passion for developing advanced detection logic and correlation rules in Elastic Stack.
Key Responsibilities:
Lead the design, implementation, tuning, and administration of Elastic SIEM/Elastic Stack (Elasticsearch, Logstash, Kibana, Beats) in enterprise environments.
Work on ECU and license optimization efforts to save costs.
Develop advanced correlation rules, detection logic, dashboards, and visualizations within Elastic SIEM.
Build and maintain custom parsers, log ingestion pipelines, and data enrichment mechanisms using Logstash, Beats, and Elastic Agent.
Engineer and maintain log collection from diverse data sources: firewalls, endpoints, servers, cloud platforms, applications, and network devices.
Integrate Elastic SIEM with threat intelligence feeds and develop use cases for TTP detection aligned with MITRE ATT&CK framework.
Continuously optimize performance, scalability, and availability of the SIEM platform.
Collaborate with SOC, Incident Response, and Threat Intel teams to understand requirements and transform them into actionable use cases.
Troubleshoot and resolve ingestion, parsing, and indexing issues.
Support compliance reporting, data retention, and audit requirements (HIPAA, PCI-DSS, SOX, NIST, etc.).
Document configurations, use cases, operational runbooks, and architectural changes.
Partner with peers on Elastic SIEM concepts, query development, and best practices.
Required Qualifications:
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field. Master’s preferred.
5+ years of experience in cybersecurity, with at least 2 years focused on Elastic SIEM/ELK Stack in a hands-on engineering role.
Proficient in EQL, Linux, Logstash filter syntax, YAML, and JSON.
Hands-on experience with Beats (Filebeat, Metricbeat, etc.), Elastic Agent, and Logstash pipelines.
Strong knowledge of information security concepts, attack vectors, and incident response workflows.
Experience in Elastic SIEM integration with SOAR, ticketing tools, cloud platforms (AWS, Azure), and security controls.
Some scripting experience in Python, Bash, or PowerShell for automation and data manipulation.
Excellent problem-solving skills and the ability to work independently or as part of a team.
Preferred Qualifications:
Elastic Certified Engineer or related certification.
Experience with Elastic Security App, Fleet, and Endpoint Integration.
Prior experience in building and tuning SIEM solutions in hybrid environments (on-prem and cloud).
Mandatory Requirements:
Employees must have a high-speed broadband internet connection with a minimum speed of 50 Mbps and the ability to set up a wired connection to their home network to ensure effective remote work. These requirements may be updated as needed by the business.
Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.
Perks/benefits: Career development Startup environment