At a Glance
- Tasks: Design and implement security detection using the Elastic Stack while collaborating with SOC teams.
- Company: Join a dynamic team focused on cutting-edge security solutions in Birmingham/London.
- Benefits: Enjoy flexible working with 3 days onsite and opportunities for professional growth.
- Why this job: Be at the forefront of cybersecurity, making a real impact in threat detection and response.
- Qualifications: Deep expertise in Elastic Security and SIEM, plus scripting skills in Python or Shell.
- Other info: Ideal for tech-savvy individuals passionate about security and collaboration.
The predicted salary is between £48,000 and £72,000 per year.
We are looking for an Elastic Security Consultant/Specialist for our client's project based at Birmingham/London, UK – 3 days per week Onsite.
Role Overview
An Elastic Security Specialist is responsible for designing, implementing, and maintaining security detection, alerting, and response capabilities using the Elastic Stack. You will work cross-functionally with SOC teams, threat hunters, and engineers to translate adversary behaviours into automated detection rules, build investigative workflows, and integrate Elastic Security with external security tools.
Key Responsibilities
- Detection Engineering
- Author and optimize detection rules in Elastic Security (EQL, KQL/Elasticsearch Query DSL, Sigma rules converted to Elastic queries).
- Set each rule's look-back window and schedule interval so that the look-back overlaps the interval (late-arriving events are not left in a window no run queries) and coverage spans varied threat actor behaviours.
- Tune rule thresholds and enrich alerts with contextual data (asset, user identity, threat intelligence).
- Alert & Exception Management
- Configure and maintain exception lists for noisy or benign events to reduce false positives.
- Design workflows for automated alert handling (case creation, escalation, remediation tasks) via Kibana connectors (e.g., ServiceNow, Jira).
- Threat Hunting & Investigation
- Create and run ad hoc SIEM queries to hunt for IOC/IOA patterns across log, network, and endpoint data.
- Build Kibana dashboards and visualizations (Lens, Timelion) for SOC monitoring.
- Integration & Automation
- Integrate Elastic Security with endpoint agents (Elastic Agent, Beats), EDR platforms, and threat intel feeds.
- Automate incident enrichment using Ingest Pipelines, transforms, and Machine Learning anomaly detection jobs.
- Platform Hardening & Scaling
- Advise on cluster sizing, index lifecycle management (ILM), snapshot/restore strategies for long-term data retention.
- Implement RBAC, field- and document-level security, and TLS on both the transport and HTTP layers to protect sensitive logs.
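The look-back and interval point under Detection Engineering above is easy to get wrong: a rule that runs every 5 minutes and only looks back 5 minutes will miss any event that reaches the cluster after the run that should have seen it. The following is an added example, not code from the job posting or from Elastic. It assembles an EQL rule body in the shape accepted by the Kibana Detections API (`POST /api/detection_engine/rules`) and refuses to build one whose `from` window does not overlap its `interval`. The rule name, index patterns and query are constructed for illustration.

```python
"""Build an EQL detection rule body for the Elastic Security Detections API
and check that its look-back window overlaps its schedule interval.

Added example; not from the job posting or from Elastic. Assumes the
Detections API rule schema (type, language, query, index, interval, from,
threat, ...). The rule name, index patterns and query are constructed.
"""
import json
import re

_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def duration_seconds(value: str) -> int:
    """Parse an Elasticsearch time unit string such as '5m', '1h' or '90s'."""
    m = re.fullmatch(r"(\d+)([smhd])", value.strip())
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    return int(m.group(1)) * _UNIT_SECONDS[m.group(2)]


def lookback_from(interval: str, additional: str = "1m") -> str:
    """Return a 'from' date-math value covering one interval plus an overlap.

    A rule runs every `interval` and queries events between `from` and now.
    Events that arrive after the run that covered their timestamp window
    (ingest lag) are only seen if the next run reaches back past one
    interval, so `from` is always interval + additional look-back.
    """
    total = duration_seconds(interval) + duration_seconds(additional)
    return f"now-{total}s"


def overlap_seconds(interval: str, from_: str) -> int:
    """Seconds by which consecutive runs overlap; negative means a blind gap."""
    m = re.fullmatch(r"now-(\d+)([smhd])", from_.strip())
    if not m:
        raise ValueError(f"unsupported 'from' value: {from_!r}")
    covered = int(m.group(1)) * _UNIT_SECONDS[m.group(2)]
    return covered - duration_seconds(interval)


def build_eql_rule(name: str, query: str, index: list[str],
                   interval: str = "5m", additional_lookback: str = "1m") -> dict:
    """Assemble a disabled-by-default EQL rule mapped to ATT&CK T1059.001."""
    from_ = lookback_from(interval, additional_lookback)
    if overlap_seconds(interval, from_) < 0:
        raise ValueError("look-back must cover at least one interval")
    return {
        "name": name,
        "description": "Constructed example rule: PowerShell encoded command line.",
        "type": "eql",
        "language": "eql",
        "query": query,
        "index": index,
        "interval": interval,
        "from": from_,
        "enabled": False,  # deploy disabled, add exceptions, then enable
        "severity": "medium",
        "risk_score": 47,
        "max_signals": 100,
        "tags": ["Windows", "Execution", "Example"],
        "threat": [{
            "framework": "MITRE ATT&CK",
            "tactic": {"id": "TA0002", "name": "Execution",
                       "reference": "https://attack.mitre.org/tactics/TA0002/"},
            "technique": [{
                "id": "T1059", "name": "Command and Scripting Interpreter",
                "reference": "https://attack.mitre.org/techniques/T1059/",
                "subtechnique": [{
                    "id": "T1059.001", "name": "PowerShell",
                    "reference": "https://attack.mitre.org/techniques/T1059/001/"}],
            }],
        }],
    }


# Constructed query: a PowerShell process start carrying an encoded-command switch.
EXAMPLE_QUERY = (
    'process where event.type == "start" and '
    'process.name : "powershell.exe" and '
    'process.args : ("-enc", "-EncodedCommand")'
)


def example_rule() -> dict:
    """The constructed rule: 5-minute schedule, 6-minute look-back."""
    return build_eql_rule(
        name="Example: PowerShell encoded command",
        query=EXAMPLE_QUERY,
        index=["logs-endpoint.events.process-*", "winlogbeat-*"],
        interval="5m",
        additional_lookback="1m",
    )


if __name__ == "__main__":
    # POST this body to <kibana>/api/detection_engine/rules with a kbn-xsrf header.
    print(json.dumps(example_rule(), indent=2))
```

The rule ships with `enabled: false` so that exceptions for known-benign PowerShell automation can be attached before it starts producing alerts; the `from` value is derived from the interval rather than typed by hand, which is what keeps the two from drifting apart when the schedule is later tuned.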
Required Technical Skills
- Deep expertise in Elastic SIEM / Elastic Security architecture and components.
- Deep expertise in the fundamentals of the Elastic Stack components and their deployment models (self-managed, Elastic Cloud, Kubernetes via ECK).
- Proficiency in Elasticsearch Query DSL, EQL, and Kibana Canvas/dashboards.
- Hands-on experience with Beats (Filebeat, Winlogbeat, Auditbeat) and Elastic Agent.
- Familiarity with threat intelligence platforms and IOC ingestion (STIX/TAXII).
- Solid understanding of security operations concepts: MITRE ATT&CK, kill-chain, SOC workflows.
- Scripting skills: Python, Shell, or Painless for pipeline processors.
- Deep familiarity with Filebeat modules (e.g. system, nginx, Kafka) and Metricbeat modules (e.g. docker, kubernetes, system) for out-of-the-box ingestion.
- Hands-on with Elastic Agent policies—creating integrations for logs, metrics, and uptime using Fleet.
- Ability to customize Beats inputs (formerly prospectors), multiline patterns, and conditionals to ensure complete, ECS-compliant event capture.
- Design and optimize Logstash pipelines: inputs (beats, syslog, Kafka), filters (grok, kv, date, geoip), and outputs (Elasticsearch, Kafka).
- Build native Elasticsearch ingest pipelines, using processors (grok, dissect, script, kv, csv, geoip) to normalize and enrich events before indexing, and verify them with the pipeline simulate API before they touch production indices.
Soft Skills & Attributes
- Analytical mindset with attention to detail.
- Strong written and verbal communication, able to document playbooks and runbooks.
- Collaborative, able to guide cross-functional teams on detection best practices.
Elastic Security Consultant/Specialist employer: GIOS Technology
Contact Detail:
GIOS Technology Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Elastic Security Consultant/Specialist
✨Tip Number 1
Familiarise yourself with the Elastic Stack and its components. Understanding how each part works together will not only help you in interviews but also demonstrate your genuine interest in the role.
✨Tip Number 2
Engage with the Elastic community through forums or social media. Networking with professionals already in the field can provide insights into the latest trends and challenges, making you a more informed candidate.
✨Tip Number 3
Prepare to discuss real-world scenarios where you've applied your skills in detection engineering or threat hunting. Having concrete examples ready will showcase your practical experience and problem-solving abilities.
✨Tip Number 4
Stay updated on the latest security threats and trends. Being knowledgeable about current events in cybersecurity will allow you to speak confidently about how you can contribute to the team’s success.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience and skills that align with the Elastic Security Consultant/Specialist role. Focus on your expertise in Elastic SIEM, detection engineering, and any hands-on experience with the Elastic Stack.
Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for security and your understanding of the Elastic Stack. Mention specific projects or experiences where you've successfully implemented security solutions or detection rules.
Highlight Technical Skills: In your application, emphasise your technical skills such as proficiency in Elasticsearch Query DSL, EQL, and your scripting abilities. Be specific about your experience with tools like Beats and Elastic Agent.
Showcase Soft Skills: Don't forget to mention your soft skills, such as your analytical mindset and communication abilities. Provide examples of how you've collaborated with cross-functional teams or documented processes in previous roles.
How to prepare for a job interview at GIOS Technology
✨Showcase Your Technical Expertise
Be prepared to discuss your deep expertise in Elastic SIEM and the overall Elastic Stack. Highlight specific projects where you've designed or implemented security detection capabilities, and be ready to explain your approach to writing EQL and Elasticsearch Query DSL rules.
✨Demonstrate Problem-Solving Skills
Expect scenario-based questions that assess your analytical mindset. Prepare examples of how you've tackled complex security challenges, such as tuning rule thresholds or designing automated alert remediation workflows.
✨Communicate Clearly
Strong communication skills are essential for this role. Practice explaining technical concepts in a clear and concise manner, as you may need to document playbooks or guide cross-functional teams on detection best practices.
✨Familiarise Yourself with Current Threats
Stay updated on the latest threat intelligence and security operations concepts, such as MITRE ATT&CK. Be ready to discuss how you would apply this knowledge in real-world scenarios during the interview.