FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.
Lead Engineer, Elasticsearch – SIEM Platform
VanguardElasticsearch Lead Engineer responsible for architecting and maintaining high-availability Elasticsearch clusters. Collaborating with teams to optimize index strategies and ensure data security.
Posted 6/17/2026full-timeMalvern • North Carolina, Pennsylvania, Texas • 🇺🇸 United StatesSeniorWebsite
Tech Stack
Tools & technologiesAnsibleApacheAWSCloudEC2ElasticSearchKafkaLinuxNode.jsTerraform
About the role
Key responsibilities & impact- Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion
- Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics
- Design and develop custom data ingestion pipelines using Elasticsearch
- Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection
- Manage AWS infrastructure: EC2, S3, IAM, and Secrets Manager - using AWS CloudFormation
- Implement data lifecycle management - hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes
- Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana
- Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest
- Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks
- Perform activities related platform health monitoring and upgrade / patching
- Troubleshoot and manage production technical issues related to Elasticsearch cloud
- Define and enforce SLOs for ingestion latency, query performance, and cluster availability
- Mentor junior engineers and establish best practices, runbooks, and architectural standards
Requirements
What you’ll need- Minimum of six years related work experience.
- Undergraduate degree in a related field or the equivalent combination of training and experience.
- 6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment
- Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS
- Hands-on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)
- Proficiency with AWS - Kinesis, S3, IAM, CloudTrail, and AWS-native log sources
- Experience with data streaming platforms - Apache Kafka, or Confluent Platform - for high-throughput event ingestion
- Experience integrating with data lake platforms - AWS S3 / Lake Formation, Data Lake, or Apache Iceberg for long-term retention and threat hunting
- Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging
- Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures
- Proficiency with infrastructure-as-code tools (Terraform, Ansible, or CDK) (Optional)
Benefits
Comp & perks- comprehensive health and wellness care
- work-life balance
- investment in your future
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
ElasticsearchElastic Common Schema (ECS)data ingestion pipelinesAWSKinesisS3IAMdata lifecycle managementinfrastructure-as-codeApache Kafka
Soft Skills
mentoringcollaborationtroubleshootingproblem-solvingcommunicationbest practices establishmentarchitectural standards