Vanguard Group, Inc.
$120K - $150K
Elasticsearch Lead Engineer - SIEM Platform
Responsibilities
Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion
Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics
Design and develop custom data ingestion pipelines built on Elasticsearch ingest pipelines
Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection
Manage AWS infrastructure (EC2, S3, IAM, and Secrets Manager) using AWS CloudFormation
Implement data lifecycle management - hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes
Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana
Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest
Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks
Perform platform health monitoring, upgrades, and patching
Troubleshoot and resolve production issues in the cloud-hosted Elasticsearch platform
Define and enforce SLOs for ingestion latency, query performance, and cluster availability
Mentor junior engineers and establish best practices, runbooks, and architectural standards
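As an illustration of the lifecycle-management and snapshot/restore responsibilities listed above, the following is an added example for this page, not part of Vanguard's job description or of its platform: an S3 snapshot repository and an ILM policy that moves a SIEM data stream through the hot, warm, cold, and frozen tiers before deletion, plus the index template that attaches the policy. The repository name `siem-s3-repo`, the bucket and base path, the policy and template names, and every age and size threshold are illustrative assumptions.

```console
# Added example (not from the posting): S3 repository + hot/warm/cold/frozen ILM policy.
# Repository name, bucket, base_path, and all ages/sizes are assumed values.
# Credentials: prefer the node's IAM instance role; otherwise store the key in the
# Elasticsearch keystore (s3.client.default.access_key), never in a request body.
PUT _snapshot/siem-s3-repo
{
  "type": "s3",
  "settings": {
    "bucket": "example-siem-snapshots",
    "base_path": "elasticsearch/siem",
    "server_side_encryption": true
  }
}

# Rollover daily or at 50 GB per primary shard; shrink and force-merge in warm;
# mount fully from S3 in cold and partially (shared cache) in frozen; delete at one year.
PUT _ilm/policy/siem-logs
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_primary_shard_size": "50gb", "max_age": "1d" },
          "set_priority": { "priority": 100 }
        }
      },
      "warm": {
        "min_age": "7d",
        "actions": {
          "shrink": { "number_of_shards": 1 },
          "forcemerge": { "max_num_segments": 1 },
          "set_priority": { "priority": 50 }
        }
      },
      "cold": {
        "min_age": "30d",
        "actions": {
          "searchable_snapshot": { "snapshot_repository": "siem-s3-repo" },
          "set_priority": { "priority": 0 }
        }
      },
      "frozen": {
        "min_age": "90d",
        "actions": {
          "searchable_snapshot": { "snapshot_repository": "siem-s3-repo" }
        }
      },
      "delete": {
        "min_age": "365d",
        "actions": { "delete": { "delete_searchable_snapshot": true } }
      }
    }
  }
}

# Attach the policy to the data stream's backing indices through its index template.
PUT _index_template/logs-siem
{
  "index_patterns": ["logs-siem-*"],
  "data_stream": {},
  "template": {
    "settings": {
      "index.lifecycle.name": "siem-logs",
      "index.number_of_shards": 2,
      "index.number_of_replicas": 1
    }
  }
}
```

Two caveats a practitioner would check before adopting this shape: the cold and frozen phases only work if the cluster actually has nodes with the `data_cold` and `data_frozen` roles (the frozen tier also needs a configured shared cache), since ILM's tier migration has no fallback for frozen; and if the S3 data lake is meant to retain events for threat hunting beyond the Elasticsearch retention window, set `delete_searchable_snapshot` to `false` so the delete phase removes only the mounted index and leaves the snapshot objects in the bucket.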
Qualifications
Minimum of six years of related work experience.
Undergraduate degree in a related field or the equivalent combination of training and experience.
6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment
Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS
Hands-on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)
Proficiency with AWS: Kinesis, S3, IAM, CloudTrail, and AWS-native log sources
Experience with data streaming platforms (Apache Kafka or Confluent Platform) for high-throughput event ingestion
Experience integrating with data lake platforms (AWS S3 / Lake Formation, Data Lake, or Apache Iceberg) for long-term retention and threat hunting
Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging
Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures
Proficiency with infrastructure-as-code tools (Terraform, Ansible, or CDK) (optional)
Preferred Qualifications
Elastic Certified Engineer or Elastic Certified Analyst certification
Experience with Elastic Security / SIEM detection rules, ML jobs, and Timeline investigations
Familiarity with the MITRE ATT&CK framework and how it informs index and detection design
Experience with container-based deployments of Elastic (ECK / Kubernetes)
Knowledge of compliance frameworks: SOC 2, PCI-DSS, HIPAA, or FedRAMP
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.