Senior Security Engineer - Elastic SIEM and Detection Engineering
About The Position
Acronis is seeking a Senior Security Engineer to lead their Elastic SIEM and Detection Engineering program. This is an engineering-focused role responsible for building scalable detection pipelines, enhancing telemetry quality, and developing high-confidence detections to improve security team efficiency and response times. The engineer will manage the Elastic Security environment, including log ingestion, platform optimization, Detection-as-Code pipelines, and detection coverage strategy. The role is suited for individuals who enjoy system building, signal improvement, workflow automation, and solving large-scale detection engineering challenges. While primarily an engineering role, it also involves serving as a Tier 2 escalation point for complex security events, assisting with incident scoping, initiating containment, and refining detections based on real-world activity. This is a high-impact position offering significant ownership and the chance to influence detection engineering practices across the organization.
Requirements
- 5+ years of cybersecurity engineering experience
- 3+ years focused on SIEM engineering, detection engineering, or security analytics
- Strong hands-on experience with Elastic Security and the Elastic Stack
- Experience building or maintaining Detection-as-Code workflows using Git and CI/CD pipelines
- Strong understanding of detection tuning, alert fidelity, and operational detection quality
- Ability to independently investigate complex alerts and produce actionable findings
- Technical Experience: Elastic Security, Kibana, Fleet, Elastic Agents, EQL/KQL
- Detection engineering and MITRE ATT&CK mapping
- Jenkins, Bitbucket Pipelines, GitHub Actions, or similar CI/CD tooling
- Python and/or PowerShell scripting
- AWS CloudTrail, VPC Flow Logs, Azure Monitor, or similar telemetry sources
- TCP/IP, DNS, HTTP/S, and common attack patterns
- Threat intelligence enrichment and operationalization
Nice To Haves
- SOAR playbook development and automated response workflows
- Sigma rule development
- Elastic detection-rules ecosystem familiarity
- Terraform or Ansible experience
- Previous SOC or Incident Response background
Responsibilities
- Own and optimize the Elastic Security platform (Elasticsearch, Kibana, Fleet, Logstash, Elastic Agents)
- Design and maintain ingestion pipelines for cloud, endpoint, network, and application telemetry
- Improve telemetry quality, data retention, performance, and investigation workflows
- Integrate SIEM workflows with SOAR and automation tooling
- Build and maintain a Detection-as-Code pipeline using Git-based workflows and CI/CD automation
- Develop, test, tune, and maintain high-fidelity detections using Elastic Security, EQL, and KQL
- Reduce alert noise through tuning, enrichment, suppression, and exception handling
- Map detections to MITRE ATT&CK and help drive detection coverage strategy
- Track detection quality metrics including alert fidelity, false positive rates, and coverage gaps
- Assist with complex alert escalations and perform initial incident scoping
- Execute initial containment actions when necessary (endpoint isolation, IP/domain blocking, account suspension)
- Participate in a low-frequency on-call rotation for critical incidents
- Translate incident learnings into improved detections and telemetry coverage
- Partner with infrastructure, DevSecOps, and cloud teams to improve logging and visibility
- Build automation and tooling using Python and/or PowerShell
- Support purple team exercises and adversary simulations
Benefits
- medical, dental, and vision coverage
- flexible spending accounts (FSA)
- disability and life insurance
- a 401(k) retirement plan with company match
- a generous vacation policy
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
