We are trying to source a Sr. Elastic Security Engineer for our direct client for a Long Term Hybrid Project in New York City, NY. We need a Senior Elastic Security Engineer who will lead end-to-end Elastic Security deployments and deliver ongoing managed services to customers. This role combines deep technical expertise in Elastic Security's unified platform (SIEM, XDR, endpoint security with Elastic Defend, and cloud security) with strong project leadership skills to ensure successful implementations and continuous security operations.
You will leverage the Search AI Platform's powerful capabilities including AI-driven security analytics, Attack Discovery, and Elastic AI Assistant to help customers detect threats faster, investigate incidents efficiently, and respond to modern cyber threats. This position requires working independently across technical, operational, and advisory domains while collaborating with cross-functional teams.
It is a Long Term Hybrid position based in New York City, NY…
Deployment Responsibilities
Elastic Security & SIEM Implementation
- Design, architect, and deploy Elastic Security environments (Elastic Cloud or self-managed) tailored to customer requirements
- Configure data ingestion pipelines using Elastic Agent, Beats (Filebeat, Metricbeat, Auditbeat, Winlogbeat), and Logstash for logs, endpoints, cloud platforms, and network sources
- Build and optimize detection rules, dashboards, visualizations, and analytics in Kibana for actionable threat intelligence
- Implement prebuilt and custom detection rules aligned with the MITRE ATT&CK framework
- Configure machine learning anomaly detection jobs and UEBA packages for behavioral analytics
- Conduct performance tuning, capacity planning, and searchable snapshot configuration for cost-effective data retention
Elastic Defend (EDR/XDR) Deployment
- Deploy, configure, and tune Elastic Defend integration across customer endpoints (Windows, macOS, Linux) and cloud workloads
- Configure endpoint protection policies including malware prevention, ransomware protection, memory threat detection, and malicious behavior prevention
- Establish credential hardening and Device Control policies to prevent data loss and unauthorized access
- Configure response actions, trusted applications, event filters, and exception lists to minimize false positives
- Integrate endpoint telemetry with SIEM using Elastic Common Schema (ECS) for comprehensive correlation
- Manage agent deployment at scale using Fleet for centralized configuration and policy management
Cloud Security Deployment
- Deploy Cloud Security Posture Management (CSPM) to evaluate AWS, Azure, and Google Cloud Platform configurations against CIS benchmarks
- Configure Kubernetes Security Posture Management (KSPM) for EKS and self-managed Kubernetes clusters
- Implement Cloud Native Vulnerability Management (CNVM) to discover and scan cloud workload vulnerabilities
- Set up Cloud Workload Protection for runtime protection of cloud environments
- Configure agentless ingestion and cloud asset inventory for comprehensive visibility
Project Delivery
- Lead technical scoping, planning, and execution of deployment projects
- Leverage Automatic Migration capabilities to migrate detection rules from other SIEM platforms
- Use Automatic Import to create custom integrations from sample log data
- Create deployment documentation, runbooks, and knowledge transfer materials
- Conduct training sessions and handover activities for customer teams
Post-Deployment Managed Services Responsibilities
Security Operations & Monitoring
- Monitor, analyze, and respond to alerts and detections generated by the Elastic Security detection engine
- Leverage Attack Discovery to automatically identify and prioritize coordinated attacks from alert data using AI
- Utilize Elastic AI Assistant to accelerate investigations, generate ES|QL queries, and assist with incident response
- Perform root-cause analysis using Timeline, visual event analyzer, and Session View (Linux) investigation tools
- Maintain and continuously improve detection rules, dashboards, and response procedures
- Manage Cases for collaborative incident tracking and documentation
Threat Hunting & Research
- Conduct proactive threat hunts using ES|QL queries, entity analytics, and threat intelligence
- Leverage host and user risk scores with asset criticality assessments to prioritize investigations
- Investigate emerging threats, vulnerabilities, and adversary TTPs using Elastic Security Labs research
- Identify security gaps and propose enhancements to strengthen customer defenses
- Contribute to detection rule development aligned with MITRE ATT&CK techniques
Incident Response Support
- Support incident triage, containment, remediation, and recovery using Elastic Security response capabilities
- Execute endpoint response actions including host isolation, process termination, and file retrieval
- Analyze malicious files, processes, persistence mechanisms, and attacker behavior on compromised endpoints
- Utilize osquery integration for additional host context during investigations
- Assist customers during large-scale or targeted breach investigations
Content Development & Automation
- Develop custom detection rules using KQL and ES|QL query languages
- Configure and tune machine learning anomaly detection jobs for customer-specific use cases
- Build ingest pipeline logic for data normalization and enrichment
- Use scripting (Python, PowerShell) to automate tasks and integrate with third-party SOAR platforms
- Evaluate new Elastic Security features and AI capabilities for customer adoption
- Configure automated response actions triggered by detection rules
Qualifications
Required
- 5+ years of experience in cybersecurity with focus on SIEM/EDR technologies
- Demonstrated expertise with Elastic Security, including SIEM, Elastic Defend (EDR), and the Elastic Stack (Elasticsearch, Kibana)
- Strong understanding of endpoint security, threat detection, and incident response methodologies
- Experience with data ingestion using Elastic Agent, Beats, Logstash, and Fleet management
- Proficiency in KQL (Kibana Query Language) and ES|QL for detection and investigation
- Proficiency in at least one scripting language (Python, PowerShell, Bash)
- Knowledge of MITRE ATT&CK framework and adversary TTPs
- Excellent communication skills for technical and non-technical stakeholders
- Ability to work independently and lead technical conversations
Preferred
- Elastic Certified Engineer or Elastic Certified Analyst certification
- Elastic Certified SIEM Analyst certification
- Experience with cloud security (AWS, Azure, Google Cloud Platform) and Elastic's CSPM/KSPM capabilities
- Background in SOC operations, threat hunting, or security consulting
- Experience with machine learning-based anomaly detection and behavioral analytics
- Familiarity with security orchestration and automation (SOAR) platforms
- Relevant certifications: GIAC (GCIH, GCIA), OSCP, or equivalent