Cloud Defensive Security Engineer; Elastic

As a Defensive Security Engineer, you will be part of the Cloud Defense team within Security Operations. Your main objective is to own and evolve our Elastic-based detection and observability platform, enabling “Defense as a Service” for security and engineering teams across the company. You will combine strong Elastic expertise with solid Infra/Dev Sec Ops  practices to elevate our detection capabilities to the next level.

We don’t expect you to be a deep security expert from day one. What we need is someone strong on Elastic and platform engineering who enjoys working with security engineers, SOC analysts and incident responders, and is happy to grow his security skills on the job.

You will be instrumental in ensuring that Adevinta’s security strategy covers industry-relevant security standards. The Cloud Defense team is part of the Information Security department where your team will collaborate with other services such as Vulnerability Management, Bug Bounty programs, and SPLC Security among others.

You will join the Cloud Defense team, responsible for consolidating and scaling our operating defensive security capabilities for our multi-cloud (AWS and GCP environments), platforms and applications.

You will be supporting the team in the following areas:

• Redesign, evolve and operate our Elastic stack (Elasticsearch, Kibana, Elastic Security/Observability) as a core part of the Defensive platform.

• Own the ingestion pipelines for security and infrastructure telemetry (e.g. AWS/GCP audit logs, EDR telemetry, OS/syslog from Linux fleets and key application logs from our core products), including Beats/Agents, ingest pipelines and index lifecycle management.

• Pragmatically optimise Elastic for performance, scalability, cost and reliability (index strategy, shard planning, hot/warm/cold, retention policies).

• Define and maintain standards and templates for indices, data streams, mappings and dashboards.

• Implement and maintain detection content in Elastic (KQL/EQL queries, rules, anomaly jobs) following defense-as-code practices: versioning, code reviews, testing and CI/CD.

• Collaborate with engineering teams, SOC and Incident Response to translate threat scenarios and cloud/runtime risks into Elastic rules, alerts and dashboards.

• Improve detections to reduce false positives and improve signal quality, based on feedback from SOC, IR and product teams.

• Contribute to internal tooling that improves detection engineering (e.g. shared rule templates, test harnesses, linters, rule packaging).

• Manage Elastic infrastructure, data pipelines, and content deployments using IaC tools (Terraform, Cloud Formation) and CI/CD platforms (Git Hub Actions, Argo CD).

• Integrate Elastic with other security and cloud services (e.g. EDR agents, cloud-native security tools, ticketing, notification channels, SOAR) to support end-to-end defensive workflows.

• Support the hardening and security of the Elastic platform (access control, encryption, secrets, network policies, backups and recovery).

• Treat Elastic as a product: maintain a roadmap, backlog, changelog and documentation for the platform’s security capabilities.

• Provide self-service onboarding patterns for product and platform teams (data ingestion blueprints, dashboards, reference queries, runbooks).

• Partner with Cloud, SRE, Platform and Application teams to ensure the right telemetry is available for runtime security, incident response and troubleshooting.

• Build and maintain simple and clear dashboards that show data coverage, detection health and ingest reliability over time.

• Level up the team’s Elastic skills by treating detections as data problems: help colleagues design data models, queries and pipelines that scale, and coach them on performance, cost and reliability trade-offs at our volume.

• Strong hands-on experience designing, operating and troubleshooting Elastic deployments in production (on-prem or cloud-managed).

• Experience building and operating log/telemetry pipelines into Elastic (Filebeat/Metricbeat/other Beats, Elastic Agent, Logstash, ingest pipelines).

• Proficiency with Kibana: dashboards, visualisations, Lens, saved searches,…