Insight Global
We are seeking an experienced Elastic Security Architect to design, deploy, and optimize Elastic Defend across large, distributed enterprise environments. This role requires deep technical expertise in Elastic Security, endpoint protection, and SIEM/EDR concepts, along with strong collaboration skills to work across SOC, Incident Response, DevOps, and cloud engineering teams.
Responsibilities
Architect, design, and deploy Elastic Defend for enterprise endpoint security.
Configure and manage Fleet Servers, agent enrollment workflows, and security policies.
Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
Build and optimize ingestion pipelines for endpoint telemetry, audit logs, and alerts.
Enhance Elastic Security performance through index management, ILM tuning, and ingest pipeline improvements.
Develop observability frameworks using Kibana for complete visibility into cluster and EDR operations.
Implement logging, metrics, and tracing systems for real-time monitoring and detection.
Analyze and visualize datasets to support threat hunting and anomaly detection.
Troubleshoot Elastic Defend agent behavior, policy issues, and integration failures.
Ensure data integrity, security, and compliance across Elastic Security components.
Collaborate with SOC, IR, DevOps, and platform teams to align architecture with mission requirements.
Provide technical guidance and mentoring to internal teams and stakeholders.
Document architectures, runbooks, deployment patterns, and best practices.
Stay current on emerging Elastic Security capabilities and evolving threat trends.
Required Skills
Outstanding verbal and written communication skills.
Ability and willingness to travel as needed.
Valid U.S. Passport.
Active Secret clearance (minimum).
Desired Skills
Hands-on experience architecting or administering Elastic Security / Elastic Defend in production.
Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
Strong understanding of SIEM and EDR concepts; experience with platforms like Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).
Experience with DevOps/SRE methodologies, automation, CI/CD, and infrastructure-as-code.
Scripting skills in Python, PowerShell, or Bash.
Deep knowledge of modern threat landscapes and endpoint attack techniques.
Familiarity with search/indexing technologies (Solr, Lucene) is a plus.
Seniority Level: Mid-Senior level
Employment Type: Full-time
Job Function: Information Technology
Industries: Staffing and Recruiting
Benefits
Medical insurance
Vision insurance
401(k)