The public IT operator for Francophone public services maintains core security and audit platforms used across government IT services. This role exists to operate and evolve the organisation's ELK stack, combining Elasticsearch and Kibana with Logstash and Elastic Security, and to automate deployments with Ansible.
The mission
You will join the Security service in the Traceability / Audit / Reporting (TAR) team to support the organisation's centralised logging and security analytics platform. The platform runs on ELK (Elasticsearch, Logstash, Kibana) with Elastic Security and Elastic Defend for endpoint telemetry, and its ingest pipelines integrate data from firewalls, WAFs, IAM systems and IDS/IPS feeds.
Day to day, you will design and maintain log ingestion pipelines, transform data to Elastic Common Schema (ECS) for consistent indexing, and operate the SIEM features in Elastic Security. You will automate deployments and configuration using Ansible, deploy and manage Elastic Agents on servers (primarily Linux, some Windows), and define the dashboards and alerting rules used by the SOC and infrastructure teams.
Your responsibilities
- Design and maintain log ingestion pipelines that collect, parse and normalise security telemetry from network and application sources
- Implement transformation and mapping to Elastic Common Schema so security events are consistently indexed and searchable
- Configure and operate Elastic Security SIEM use cases, alerts and investigative workflows to support detection and analysis
- Automate cluster and agent deployments, correction of configuration drift and routine maintenance with Ansible to reduce manual intervention
- Deploy and manage Elastic Agents on Linux hosts, validate endpoint telemetry and support Elastic Defend behavioural analysis
- Create and maintain Kibana dashboards and alerts that provide operational visibility to SOC, incident handlers and infrastructure owners
Your profile
Essential skills
- Proven experience operating Elasticsearch clusters and tuning index lifecycle, shards and query performance
- Practical knowledge of Logstash pipeline configuration and data parsing for security logs
- Hands-on Kibana experience building visualisations, dashboards and alerting rules
- Comfortable administering Linux servers where agents and collectors run
- Experience using Ansible to automate deployment, configuration and routine operational tasks
- Ability to work within a security-focused team, explain technical choices to operators and produce runbooks
Preferred skills
- Familiarity with Elastic Security SIEM features and Elastic Defend agent capabilities
- Experience integrating Kafka as a log transport layer
- Understanding of security data sources such as Firewall, WAF, IAM and IDS/IPS systems