Sr. Elastic Defend Architect

About The Position

Requirements

• Outstanding verbal and written communication abilities.
• Ability and willingness to support domestic or international on-site travel as needed.
• Possess and maintain a valid U.S. Passport.
• Must have a Secret clearance, at minimum.

Responsibilities

• Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
• Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
• Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
• Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
• Improve Elastic Security performance through index management, ILM tuning, ECS mapping optimization, and ingest pipeline enhancements.
• Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
• Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
• Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
• Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
• Ensure data integrity, security, and compliance across all Elastic Security components.
• Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
• Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
• Document system architectures, runbooks, deployment patterns, procedures, and best practices.
• Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.