Senior Security Engineer – Elastic

Role Overview

The Security Engineer – Elastic is a hands-on engineering role responsible for designing, building, and maintaining security detections, analytics, and data pipelines within the Elastic Stack. This role partners closely with SOC operations to improve visibility, detection quality, and response effectiveness across endpoint, cloud, and infrastructure telemetry.

This is an individual contributor role. However, for candidates interested in future leadership opportunities, this position offers a strong foundation for growth into technical leadership or people management as the team scales.

• Design, implement, and maintain multi-tenant Elastic environments, security detections, alerts, and analytics within the Elastic Stack.
• Develop and tune detection logic aligned to real-world threats and the MITRE ATT&CK framework.
• Build and optimize Elasticsearch queries, dashboards, and visualizations to support SOC operations and investigations.
• Improve detection fidelity by reducing false positives and increasing actionable signal.

• Support ingestion, normalization, and enrichment of security telemetry from endpoints, cloud platforms, and network sources to expand visibility and detection coverage.
• Maintain and optimize Elastic Stack components (Elasticsearch, Kibana, Beats, Elastic Agent) in collaboration with platform teams to meet evolving MDR and product requirements.
• Assist with scaling, performance tuning, and reliability of Elastic-based security monitoring environments as the MDR platform grows.
• Support onboarding of new data sources and clients into the Elastic security platform, ensuring consistency and operational readiness.
• Proactively identify opportunities to enhance the Elastic platform through idea generation, proof-of-concept development, and implementation of new capabilities, detections, and workflows.
• Partner with SOC leadership and product stakeholders to translate operational gaps and customer needs into actionable platform improvements.

• Collaborate with SOC leadership, MDR engineering, and threat intelligence teams to evolve detection strategy.
• Contribute to documentation, standards, and detection engineering best practices to support consistency and scalability across the MDR program.
• Actively expand technical knowledge by learning and supporting additional security platforms and technologies beyond Elastic, as MDR capabilities evolve.
• Mentor junior engineers or analysts as needed, sharing platform knowledge and detection engineering best practices.
• For interested candidates, opportunities may exist to take on technical leadership or people management responsibilities over time.

• 4+ years of experience working with the Elastic Stack in a security, observability, or analytics context.
• Strong experience with Elasticsearch query language (ES|QL and/or KQL), Kibana, and Elastic data models.
• Hands‑on experience building security detections, alerts, or analytics in SIEM or log analytics platforms.
• Experience with Elastic Security (SIEM, Endpoint, Detection Rules).
• Familiarity with endpoint, cloud, and infrastructure telemetry (e.g., EDR logs, Windows events, Linux logs, cloud audit logs).
• Understanding of adversary behavior and detection methodologies, including the MITRE ATT&CK framework.
• Experience working in ticketing or incident management systems in an operational environment.
• Strong communication skills and ability to collaborate with SOC analysts and engineers.

• Understanding of adversary behavior and detection methodologies, including the MITRE ATT&CK framework.
• Scripting or automation experience (Python, Bash, or similar).
• Experience in an MDR, MSSP, or SOC environment.
• Relevant certifications or formal education in cybersecurity or related fields.

• Company‑paid health, dental and vision insurance plans for the employee.
• Up to a 4% 401k company match that vests immediately, it’s yours to keep.
• Generous paid time off and 10 holidays per year.
• Paid time off to vote and volunteer.
• Paid time off on your birthday because it’s your special day.
• Up to $100 per month for your internet and cell phone service.
• Team building events.

• All candidates will be required to take an extensive background screen, credit screen, and drug screen prior to employment.
• This is an on‑site position for candidates located in Franklin, TN.