AWS Elastic Operator Role Description

Job Title: AWS, Elastic Operator

Key Responsibilities

1. Security Observability Architecture

The AWS Elastic Operator is responsible for designing and maintaining a contemporary security observability stack. This stack utilises Elastic (ELK/Elastic Cloud), OpenTelemetry, and a range of AWS services, including CloudTrail, CloudWatch, GuardDuty, and Security Hub.

  • Develop and optimise log ingestion pipelines using Filebeat, Logstash, Kinesis, Lambda, or Elastic Agent.
  • Define and maintain data schemas, parsing logic, enrichment, and correlation rules to ensure effective data processing.

2. Log & Telemetry Engineering

Build scalable log-collection architectures that span AWS workloads, microservices, containers, and endpoints.

  • Implement automated log normalization, tagging, and metadata strategies for enhanced analytics and searchability.
  • Ensure the observability platform's availability, data retention, and performance.

3. Threat Detection & Analytics

Create detection rules, dashboards, and visualisations within Elastic SIEM/Kibana to monitor and analyse security threats.

  • Integrate AWS findings from services such as GuardDuty, Macie, and Inspector into central observability dashboards.
  • Implement behavioural analytics, anomaly detection, and early warning mechanisms to identify potential threats.

4. Automation & DevSecOps Integration

Automate observability deployments using tools such as Terraform, CloudFormation, or CI/CD pipelines to streamline operations.

  • Develop scripts and automations in Python, Go, or Bash to support data processing and alerting workflows.
  • Support SOAR integrations that enable automated response actions.

5. Security Monitoring & Incident Support

Provide support for threat hunting, incident response, and forensic investigations by delivering high-quality telemetry.

  • Ensure alerts are actionable, appropriately tuned, and aligned with business risk.
  • Participate in an on-call rotation for responding to critical security events.

6. Governance & Best Practices

Define logging and telemetry standards for AWS environments and engineering teams to ensure consistency and compliance.

  • Ensure compliance with security frameworks such as ISO 27001, SOC 2, NIST, and CIS Benchmarks.
  • Remain updated on emerging cloud security threats and enhancements to tooling.

Required Skills & Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent professional experience.
  • 3–7+ years of practical experience in security engineering, cloud security, or observability.
  • Strong experience with:
    • Elastic Stack (Elasticsearch, Logstash, Kibana, Beats, Elastic Agent)
    • AWS security & monitoring services: CloudTrail, CloudWatch, GuardDuty, VPC Flow Logs, Config, Security Hub
  • Deep understanding of SIEM, logging pipelines, and modern telemetry frameworks, such as OpenTelemetry.
  • Experience with scripting languages, including Python, PowerShell, and Bash, as well as automation skills.
  • Familiarity with Kubernetes and EKS log ingestion and observability practices.
  • Strong analytical and troubleshooting abilities.

Preferred Qualifications

  • Experience with Elastic Security, Elastic Cloud, or Elastic Enterprise Search.
  • Exposure to log streaming technologies (Kafka, Kinesis).
  • Hands-on experience with SOAR tools (Cortex XSOAR, Splunk SOAR, Tines).
  • Certifications:
    • Elastic Certified Engineer/Analyst
    • AWS Security Specialty
    • GIAC (e.g., GCIA, GCED)
  • Knowledge of cloud-native security frameworks and MITRE ATT&CK.