Senior Elastic Engineer; EDR​/Defend Focus

Position Summary

The Senior Elastic Engineer (EDR/Defend Focus) supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. This role is responsible for designing, implementing, and maintaining Elastic Stack environments with a special emphasis on Elastic EDR and Defend capabilities to improve cybersecurity posture and integrate with existing enterprise security tools.

• Architect, deploy, and maintain a highly available and scalable Elastic Stack environment specializing in Elastic EDR/Defend.
• Configure and optimize Elastic EDR/Defend policies and data pipelines for threat detection, prevention, and event enrichment.
• Develop and maintain Kibana dashboards and visualizations for real‑time monitoring and incident response.
• Perform proactive threat hunting and security analysis using Elastic EDR/Defend capabilities.
• Troubleshoot complex Elastic Stack issues and develop documentation for operational excellence.
• Mentor and guide junior engineers in Elastic technologies and processes.
• Ensure security, scalability, and performance of Elastic Stack infrastructure.
• Integrate Elastic capabilities with other enterprise security tools and workflows.
• Analyze multi‑source security data and translate complex requirements into actionable tasks.

• Must be a U.S. Citizen.
• Must possess an active Secret security clearance.
• 10+ years general full‑time work experience (may be reduced with advanced education).
• 5+ years experience with Elastic Stack (Elasticsearch, Logstash, Kibana).
• 3+ years implementing and managing Elastic EDR and Defend solutions.
• 2+ years experience in a senior or lead engineering role.
• 1+ year experience in a management or leadership role.
• Strong understanding of security principles, threat detection, and incident response.
• Experience with data ingestion, processing, and enrichment techniques.
• Proficiency in at least one scripting language (Python, Bash, Power Shell).
• Current DoD 8570.01‑M IAT Level II certification (e.g., CCNA‑Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP).

• Experience with Linux and Windows Server administration.
• Experience with containerization technologies (Docker, Kubernetes).
• Experience with automation tools (Ansible, Puppet, Chef).
• Experience with cloud platforms (AWS, Azure, GCP).
• Experience with SIEM technologies and event management.
• Knowledge of security frameworks and compliance standards (NIST, FedRAMP).
• Understanding of network protocols and security concepts.
• Experience with threat intelligence platforms and data feeds.
• Relevant security certifications (CISSP, CISM, CEH).
• Experience tuning Elastic EDR/Defend for specific threat landscapes.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions. While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls.

The employee is occasionally required to stand, walk, sit, and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

10%

Normal office hours that align with the core hours of the customer

The company is an Equal Opportunity Employer, drug‑free workplace, and complies with ADA regulations as applicable.

Northern Technologies Group is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law.