Sr. Elastic Defend Architect
Listed on 2025-12-12
Location: Colorado Springs, CO
Job Description:
ECS is seeking a Sr. Elastic Defend Architect to design and deploy scalable, resilient endpoint security architectures using Elastic Defend, Elastic Security, and Elasticsearch. You will build, optimize, and maintain high-performing Elastic Defend environments that support mission-critical cybersecurity operations. The role requires deep expertise in Elastic security tooling, observability, and data ingestion pipelines, and it involves close collaboration with SOC, DevOps, cloud, and platform engineering teams.
- Architect, design, and deploy Elastic Defend across large, distributed enterprise environments.
- Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
- Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
- Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security‑relevant data.
- Improve Elastic Security performance through index management, ILM tuning, ECS mapping optimization, and ingest pipeline enhancements.
- Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
- Implement and support logging, metrics, and tracing systems needed for real‑time monitoring and detection.
- Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
- Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
- Ensure data integrity, security, and compliance across all Elastic Security components.
- Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
- Provide technical guidance, mentoring, and subject‑matter expertise to internal teams and external stakeholders.
- Document system architectures, runbooks, deployment patterns, procedures, and best practices.
- Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.
- Outstanding verbal and written communication abilities.
- Ability and willingness to support domestic or international on‑site travel as needed.
- Possess and maintain a valid U.S. Passport.
- Must have a Secret clearance, at minimum.
- Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.
- Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
- Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
- Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).
- Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.
- Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.
- Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.
- Familiarity with search/indexing technologies such as Solr or Lucene is a plus.
Salary Range: $150,000 - $190,000
Equal Opportunity Employment:
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.