Lead the architecture, design, and deployment of a large-scale, multi-tenant Elastic SIEM platform on GCP, supporting Central Logging Service (CLS) and Event Correlation & Behaviour Analytics (ECBA).
Key Responsibilities
Design scalable, multi-cluster Elastic architecture for high EPS environments
Develop data lifecycle strategy (hot/warm/cold/archive tiers)
Implement tenant isolation and RBAC models
Design and deploy cross-cluster search (CCS) and replication (CCR)
Integrate Elastic with:
SOAR
Network visibility tools
External systems (EDR, identity, firewalls)
Ensure HA, DR, backup, and failover capabilities
Optimize for performance, scale, and cost efficiency
Support SA&A, security, and compliance requirements