Capital Markets Placement

Elasticsearch Lead Engineer - SIEM Platform

Capital Markets Placement
Salary: $120K - $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum of six years related work experience.
  • Undergraduate degree in a related field or equivalent training and experience.
  • 6+ years of Elasticsearch/Elastic Stack (ELK) experience in a production security or observability environment.
  • Deep understanding of Elastic Common Schema (ECS) and log mapping across diverse sources.
  • Hands-on experience with Elasticsearch at scale (10TB+/day ingest, 100+ node clusters).
  • Proficiency with AWS services including Kinesis, S3, IAM.
  • Experience with data streaming platforms like Apache Kafka.

Responsibilities

  • Architect and maintain high-availability Elasticsearch clusters for large-scale security event ingestion.
  • Define and enforce ECS field mappings for consistent data normalization.
  • Design and develop custom data ingestion pipelines with Elasticsearch.
  • Integrate with AWS services such as S3, Kinesis Data Streams, and Lambda for log collection.
  • Implement data lifecycle management strategies and policies for Elasticsearch data.
  • Partner with Detection Engineering to optimize indexing strategies and queries in Kibana.
  • Mentor junior engineers and establish best practices and architectural standards.

Benefits

  • Work in a collaborative environment with experienced engineers.
  • Opportunity to develop and implement innovative security solutions.
  • Mentorship from senior professionals in the field.
  • Access to cutting-edge technology and tools for problem-solving.

Full Job Description

Elasticsearch Lead Engineer - SIEM Platform:

  • Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion
  • Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics
  • Design and develop custom data ingestion pipelines using Elasticsearch
  • Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection
  • Manage AWS infrastructure (EC2, S3, IAM, and Secrets Manager) using AWS CloudFormation
  • Implement data lifecycle management - hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes
  • Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana
  • Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest
  • Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks
  • Perform platform health monitoring and upgrade / patching activities
  • Troubleshoot and manage production technical issues related to the Elasticsearch cloud deployment
  • Define and enforce SLOs for ingestion latency, query performance, and cluster availability
  • Mentor junior engineers and establish best practices, runbooks, and architectural standards


Qualifications

  • Minimum of six years related work experience.
  • Undergraduate degree in a related field or the equivalent combination of training and experience.
  • 6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment
  • Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS
  • Hands-on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)
  • Proficiency with AWS - Kinesis, S3, IAM, CloudTrail, and AWS-native log sources
  • Experience with data streaming platforms - Apache Kafka, or Confluent Platform - for high-throughput event ingestion
  • Experience integrating with data lake platforms - AWS S3 / Lake Formation, Data Lake, or Apache Iceberg for long-term retention and threat hunting
  • Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging
  • Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures
  • Proficiency with infrastructure-as-code tools (Terraform, Ansible, or CDK) (Optional)


Preferred Qualifications

  • Elastic Certified Engineer or Elastic Certified Analyst certification
  • Experience with Elastic Security / SIEM detection rules, ML jobs, and Timeline investigations
  • Familiarity with MITRE ATT&CK framework and how it informs index and detection design
  • Experience with container-based deployments of Elastic (ECK / Kubernetes)
  • Knowledge of compliance frameworks: SOC 2, PCI-DSS, HIPAA, or FedRAMP

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

About Capital Markets Placement

Capital Markets Placement is a financial services company that provides debt and equity financing solutions to businesses. The company specializes in providing funding to small and medium-sized businesses that are looking to grow or expand their operations. Capital Markets Placement offers a range of financing options, including asset-based lending, bridge loans, mezzanine financing, and equity financing. The company has a team of experienced professionals who work closely with clients to understand their needs and provide customized financing solutions. Capital Markets Placement is committed to helping businesses achieve their goals and grow their operations.
Size: 50 employees
Industry:
Founded: 1997
