Elasticsearch Lead Engineer - SIEM Platform

Vanguard Group, Inc.

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum of six years related work experience.
  • Undergraduate degree in a related field or equivalent experience.
  • 6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security environment.
  • Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources.
  • Hands-on experience operating Elasticsearch at significant scale (10TB+/day ingest).
  • Proficiency with AWS services related to log management and data ingestion.
  • Experience with data streaming platforms like Apache Kafka or Confluent Platform.

Responsibilities

  • Architect and maintain high-availability Elasticsearch clusters for large-scale security event ingestion.
  • Define and enforce Elastic Common Schema (ECS) field mappings for consistent data normalization.
  • Design and develop custom data ingestion pipelines using Elasticsearch.
  • Integrate with AWS services for log collection, including S3 and Kinesis Data Streams.
  • Implement data lifecycle management strategies and policies for data retention.
  • Establish and maintain cluster security controls including encryption and access management.
  • Mentor junior engineers and establish best practices for monitoring and troubleshooting.

Benefits

  • Collaborative work environment with opportunities for mentorship.
  • Exposure to cutting-edge technologies in a high-scale production setting.
  • Opportunity to define and influence security architecture standards.
  • Professional growth through challenging projects and cross-team collaboration.

Full Job Description

Elasticsearch Lead Engineer - SIEM Platform:

  • Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion

  • Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics

  • Design and develop custom data ingestion pipelines using Elasticsearch

  • Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection

  • Manage AWS infrastructure: EC2, S3, IAM, and Secrets Manager - using AWS CloudFormation

  • Implement data lifecycle management - hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes

  • Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana

  • Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest

  • Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks

  • Perform activities related to platform health monitoring and upgrades / patching

  • Troubleshoot and manage production technical issues related to Elasticsearch cloud

  • Define and enforce SLOs for ingestion latency, query performance, and cluster availability

  • Mentor junior engineers and establish best practices, runbooks, and architectural standards


Qualifications

  • Minimum of six years related work experience.

  • Undergraduate degree in a related field or the equivalent combination of training and experience.

  • 6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment

  • Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS

  • Hands-on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)

  • Proficiency with AWS - Kinesis, S3, IAM, CloudTrail, and AWS-native log sources

  • Experience with data streaming platforms - Apache Kafka or Confluent Platform - for high-throughput event ingestion

  • Experience integrating with data lake platforms - AWS S3 / Lake Formation, Data Lake, or Apache Iceberg - for long-term retention and threat hunting

  • Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging

  • Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures

  • Proficiency with infrastructure-as-code tools (Terraform, Ansible, or CDK) (Optional)

Preferred Qualifications

  • Elastic Certified Engineer or Elastic Certified Analyst certification

  • Experience with Elastic Security / SIEM detection rules, ML jobs, and Timeline investigations

  • Familiarity with the MITRE ATT&CK framework and how it informs index and detection design

  • Experience with container-based deployments of Elastic (ECK / Kubernetes)

  • Knowledge of compliance frameworks: SOC 2, PCI-DSS, HIPAA, or FedRAMP

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.