Sr. Elastic Defend Architect

Job Description

ECS is seeking a Sr. Elastic Defend Architect to work in our Colorado Springs, CO office.

Are you passionate about the ever-evolving world of cybersecurity and eager to make a positive and lasting impact? Join our team at ECS, a leading provider of advanced solutions in cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation. If you're seeking a challenging yet rewarding role where you can architect cutting-edge endpoint security capabilities, strengthen your skills, and collaborate with experts across disciplines, this opportunity is perfect for you.

We are seeking an experienced Elastic Defend Architect to join our ECS Managed Security Service Provider (MSSP) team. The ideal candidate will possess deep expertise in Elastic Defend, Elastic Security, and Elasticsearch, with strong experience designing and implementing scalable, resilient endpoint security architectures. This role combines the engineering rigor of Elasticsearch/observability management with the specialized focus of Elastic Security and EDR. You will work closely with cross-functional teams to build, optimize, and maintain high-performing Elastic Defend environments that support mission-critical cybersecurity operations.

Responsibilities

• Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
• Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
• Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
• Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
• Improve Elastic Security performance through index management, ILM tuning, ECS mapping optimization, and ingest pipeline enhancements.
• Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
• Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
• Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
• Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
• Ensure data integrity, security, and compliance across all Elastic Security components.
• Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
• Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
• Document system architectures, runbooks, deployment patterns, procedures, and best practices.
• Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.

Salary Range: $150,000 - $190,000

General Description of Benefits

Required Skills

• Outstanding verbal and written communication abilities.
• Ability and willingness to support domestic or international on-site travel as needed.
• Possess and maintain a valid U.S. Passport.
• Must have a Secret clearance, at minimum.

Desired Skills

• Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.
• Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
• Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
• Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, Google Cloud Platform).
• Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.
• Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.
• Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.
• Familiarity with search/indexing technologies such as Solr or Lucene is a plus.

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.