Elastic Security Engineer - Cloud Defensive, hybrid
Company
Michael Page
Province
Barcelona
City
Barcelona
Contract Type
Temporary
Description
Elastic Security Engineer - Cloud Defensive
Reporting to the head of the division, your main responsibilities will be:
Redesign and document the Elastic stack architecture (Elasticsearch, Kibana, Elastic Security/Observability) to serve as a scalable, reliable defensive platform for the duration of the contract and beyond
Deliver production-ready ingestion pipelines for security and infrastructure telemetry - AWS/GCP audit logs, EDR telemetry, OS/syslog from Linux fleets and key application logs - including Beats/Agents, ingest pipelines and index lifecycle management, with full documentation of design decisions
Produce and hand over optimisation recommendations and implementations for Elastic performance, scalability, cost and reliability, covering index strategy, shard planning, hot/warm/cold tiers and retention policies
Define and deliver reusable standards and templates for indices, data streams, mappings and dashboards that the team can maintain independently after contract completion
Implement detection content in Elastic (KQL/EQL queries, rules, anomaly jobs) using defense-as-code practices - versioning, code reviews, testing and CI/CD - and produce documentation sufficient for the permanent team to extend and maintain the content
Collaborate with engineering teams, SOC and Incident Response to translate threat scenarios into Elastic rules, alerts and dashboards, and iterate based on their feedback to reduce false positives and improve signal quality
Deliver internal tooling improvements to support detection engineering - shared rule templates, test harnesses, linters, rule packaging - with related documentation and handover notes
Manage infrastructure, data pipeline and content deployments using IaC tools (like Terraform or CloudFormation) and CI/CD platforms (like GitHub Actions, Argo CD), ensuring all IaC is version-controlled and documented
Integrate Elastic with relevant security and cloud services (EDR agents, cloud-native security tools, ticketing, notification channels, SOAR) and document integration patterns for ongoing team use
Produce self-service onboarding patterns - data ingestion blueprints, dashboards, reference queries, runbooks - designed for independent use by product and platform teams after the engagement ends
Deliver clear dashboards covering data coverage, detection health and ingest reliability, with documentation to support ongoing maintenance
Produce a final handover package at the end of the engagement including architecture documentation, a prioritised backlog of outstanding work and a knowledge transfer session with the permanent team.
Elastic and platform engineering expertise
International scope within Europe
Must-have
Strong hands-on experience designing, operating and troubleshooting Elastic deployments in production (on-prem or cloud-managed), with the ability to make and document architecture decisions to a standard that allows a team to operate and extend the platform independently.
Experience building and operating log and telemetry ingestion pipelines into Elastic using Filebeat, Metricbeat, Elastic Agent, Logstash and ingest pipelines, including index lifecycle management.
Proficiency with Kibana across dashboards, visualisations, Lens, saved searches, alerting and spaces, with a track record of delivering maintainable, documented dashboard outputs.
Solid understanding of distributed systems concepts relevant to Elastic: indexing, sharding, replication, cluster health, and performance and cost trade-offs at scale.
Experience with infrastructure-as-code (Terraform, Ansible or CloudFormation) and CI/CD pipelines (GitHub Actions, Jenkins or equivalent) to deploy and manage infrastructure and automate configuration.
Hands-on experience with Linux systems, containers and Kubernetes (EKS or vanilla deployments).
Experience with public cloud environments, preferably AWS and/or GCP, covering cloud logging, IAM basics and network fundamentals.
Good understanding of core security and SOC concepts - logs, events, alerts, detections, triage and investigations - sufficient to work effectively alongside security engineers and SOC analysts and translate their requirements into platform and detection deliverables.
Familiarity with threat detection concepts including TTPs, attacker behaviours and basic MITRE ATT&CK navigation, and how these map to log sources and detection signals.
Strong scripting and automation skills in at least one language such as Go, Bash or Python.
Demonstrated ability to produce clear technical documentation, runbooks, architecture decision records and handover materials to a standard that enables a team to work independently after contract completion.
At least 3 years of experience in a relevant role such as Platform or Observability Engineer, Elastic Engineer, DevOps or Cloud Engineer or Security Engineer working extensively with Elastic.
Nice to have
Practical experience with Elastic Security or SIEM capabilities including detection rules, timelines, cases and EQL/KQL for threat detection.
Hands-on experience integrating Elastic with EDR or runtime security tools such as CrowdStrike, or with cloud-native security services.
Experience with SOAR tools or building automation around alert handling and incident response workflows.
Prior work in a Cloud Security, Cloud Defense or SecOps team.
Relevant certifications in Elastic, cloud security, Kubernetes or DevOps disciplines.
Multinational Tech company
Attractive salary package
Really flexible hybrid model (once per month at the office in Barcelona)
Create and build solutions almost from scratch
Elasticsearch, Kibana, Elastic Security, Elastic Observability, AWS, GCP