Sr. Elastic Defend Architect (SECRET CLEARANCE REQUIRED)

Responsibilities

• Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
• Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
• Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
• Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
• Improve Elastic Security performance through index management, ILM tuning, mapping optimization, and ingest pipeline enhancements.
• Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
• Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
• Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
• Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
• Ensure data integrity, security, and compliance across all Elastic Security components.
• Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
• Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
• Document system architectures, runbooks, deployment patterns, procedures, and best practices.
• Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.

Required Skills

• Outstanding verbal and written communication abilities.
• Ability and willingness to support domestic or international on-site travel as needed.
• Possess and maintain a valid U.S. Passport.
• Must have a Secret clearance, at minimum.

Desired Skills

• Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.
• Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
• Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
• Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).
• Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.
• Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.
• Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.
• Familiarity with search/indexing technologies such as Solr or Lucene is a plus.

Powered by JazzHR