×
Register Here to Apply for Jobs or Post Jobs. X

Elasticsearch Lead Engineer - SIEM Platform

Job in Charlotte, Mecklenburg County, North Carolina, 28245, USA
Listing for: Vanguard
Full Time position
Listed on 2026-07-08
Job specializations:
  • IT/Tech
    Data Engineering, AWS, Cloud Computing: Infrastructure & Operations, Data Security
Salary/Wage Range or Industry Benchmark: 120000 - 150000 USD Yearly USD 120000.00 150000.00 YEAR
Job Description & How to Apply Below

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Elasticsearch Lead Engineer – SIEM Platform
  • Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion
  • Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics
  • Design and develop custom data ingestion pipelines using Elasticsearch
  • Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and Cloud Watch for log collection
  • Manage AWS infrastructure: EC2, S3, IAM, and Secrets Manager – using AWS Cloud Formation
  • Implement data lifecycle management – hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes
  • Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana
  • Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest
  • Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks
  • Perform activities related to platform health monitoring and upgrade/patching
  • Troubleshoot and manage production technical issues related to Elasticsearch cloud
  • Define and enforce SLOs for ingestion latency, query performance, and cluster availability
  • Mentor junior engineers and establish best practices, runbooks, and architectural standards
Qualifications
  • Minimum of six years related work experience.
  • Undergraduate degree in a related field or the equivalent combination of training and experience.
  • 6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment.
  • Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS.
  • Hands‑on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters).
  • Proficiency with AWS – Kinesis, S3, IAM, Cloud Trail, and AWS‑native log sources.
  • Experience with data streaming platforms – Apache Kafka, or Confluent Platform – for high-throughput event ingestion.
  • Experience integrating with data lake platforms – AWS S3 / Lake Formation, Data Lake, or Apache Iceberg for long-term retention and threat hunting.
  • Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging.
  • Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures.
  • Proficiency with infrastructure‑as‑code tools (Terraform, Ansible, or CDK) – optional.
Preferred Qualifications
  • Elastic Certified Engineer or Elastic Certified Analyst certification.
  • Experience with Elastic Security / SIEM detection rules, ML jobs, and Timeline investigations.
  • Familiarity with MITRE ATT&CK framework and how it informs index and detection design.
  • Experience with container‑based deployments of Elastic (ECK / Kubernetes).
  • Knowledge of compliance frameworks: SOC 2, PCI‑DSS, HIPAA, or FedRAMP.

Vanguard is not offering visa sponsorship for this position.

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary