Sr. Elastic Defend Analyst

Overview

On Site
USD 120,000.00 - 165,000.00 per year
Full Time

Skills

Professional Services
Cloud Computing
Network
Analytics
Root Cause Analysis
Research
Continuous Improvement
Recovery
Content Development
Machine Learning (ML)
Collaboration
Threat Analysis
Incident Management
Endpoint Protection
Management
Kibana
Network Protocols
Malware Analysis
Encryption
Analytical Skill
Python
Windows PowerShell
Data Manipulation
Dashboard
Communication
Problem Solving
Conflict Resolution
Security Clearance
CISSP
Certified Ethical Hacker
GCIH
Security Operations
SOC (Security Operations Center)
SIEM
Workflow
Scripting
Cyber Security
Network+
SEC
GSEC
SAP BASIS
Law
FOCUS

Job Details

Job Description

ECS is seeking a Sr. Elastic Defend Analyst to work in our Colorado Springs, CO office.

As a leading managed cybersecurity services provider, ECS delivers highly tailored cybersecurity solutions to meet each customer's mission needs. Our Professional Services Team partners closely with customers to understand their environment, assess their security posture, and implement end-to-end solutions that strengthen defense, reduce risk, and improve operational visibility.

As an Elastic Defend Analyst, you will apply your specialized expertise in Elastic Security, particularly Elastic Defend and Endpoint Security, to detect threats, investigate incidents, and enhance customer protection. You will work across technical, operational, and advisory domains and must be confident operating independently, leading technical conversations, and driving outcomes with minimal oversight.

This role blends deep hands-on Elastic Defend proficiency with cybersecurity fundamentals, threat analysis, and strong communication skills to ensure customers are protected from modern cyber threats.

Responsibilities

Endpoint Threat Detection & Response (Elastic Defend)
  • Deploy, configure, and tune Elastic Defend agents across customer endpoints.
  • Monitor, analyze, and respond to endpoint telemetry, alerts, and detections generated by Elastic Defend.
  • Create and refine endpoint detection rules, exceptions, and response workflows to minimize false positives and strengthen threat coverage.
Elastic SIEM / Security Analytics
  • Leverage Elastic SIEM to correlate events across logs, endpoints, cloud, and network sources.
  • Build dashboards, detection rules, visualizations, and analytics that provide actionable intelligence to customers.
  • Perform root-cause analysis on alerts and incidents, producing clear and detailed technical reports.
Threat Hunting & Research
  • Conduct proactive hunts within Elastic Security using endpoint data, process behavior, and threat intelligence.
  • Investigate emerging threats, vulnerabilities, and adversary TTPs to enhance detection capabilities.
  • Contribute to continuous improvement of customer defenses by identifying gaps and proposing enhancements.
Incident Response & Analysis
  • Support incident triage, containment, remediation, and recovery using Elastic Defend and SIEM capabilities.
  • Analyze malicious files, processes, persistence mechanisms, and attacker behavior on compromised endpoints.
  • Assist customers during large-scale or targeted breach investigations.
Content Development & Automation
  • Develop custom detections, machine learning jobs, ingest pipeline logic, and endpoint response actions.
  • Use scripting (Python, PowerShell, etc.) to automate repetitive tasks, enrich data, or streamline investigations.
  • Evaluate new Elastic Security features and contribute recommendations for customer adoption.
Cross-Functional Collaboration & Communication
  • Collaborate with threat intelligence, SOC, threat hunting, and engineering teams to improve customer protection.
  • Provide clear, actionable guidance to technical and non-technical stakeholders.
  • Share best practices on Elastic Defend configuration, tuning, and operational use.

Salary Range: $120,000 - $165,000

General Description of Benefits

Required Skills

  • 2+ years of cybersecurity experience, preferably in detection, incident response, or endpoint security.
  • Strong hands-on expertise with Elastic Defend for EDR/endpoint telemetry, detection rule creation, and agent management.
  • Proficiency with Elastic SIEM, Kibana dashboards, ingest pipelines, and related Elastic Security components.
  • Solid understanding of cybersecurity concepts (network protocols, malware behavior, encryption, threat actor TTPs).
  • Strong analytical skills for interpreting endpoint and log data to detect anomalies.
  • Scripting experience (Python, PowerShell, or similar) for automation and data manipulation.
  • Experience creating or tuning SIEM/EDR rules, dashboards, and security content.
  • Excellent written and verbal communication skills.
  • Ability to work in a fast-paced environment with strong problem-solving skills.
  • Able and willing to perform planned domestic or international travel.
  • Must possess and maintain a U.S. Passport.
  • Secret clearance required (minimum).
Desired Skills

  • Relevant certifications such as Elastic Certified Analyst, CISSP, CEH, GCIH, or similar.
  • Experience working in a Security Operations Center (SOC).
  • Hands-on with EDR, SIEM, SOAR, and ticketing workflows.
  • Familiarity with adversary techniques and frameworks (MITRE ATT&CK).
  • Ability to support ad-hoc scripting and automation across multiple languages.
  • Possession of an entry-level cybersecurity certification (A+, Net+, Sec+, GSEC, etc.).
#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.