elastic SecOps - Security Content Engineer

Posted on January 29th, 2019

At Elastic, we have a simple goal: to solve the world's data problems with products that delight and inspire. As the company behind the popular open source projects — Elasticsearch, Kibana, Logstash, and Beats — we help people around the world do great things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. Diversity drives our vibe. We unite employees across 30+ countries into one coherent team, while the broader community spans over 100 countries.

More about SecOps

The Elastic SecOps team is building a new solution that will become the center of the Elastic security analytics offerings. The Elastic stack is already very popular among the security analyst community, and the SecOps team has the opportunity to significantly improve the user experience and workflows of security analysts. Challenges include collecting all the relevant data, aggregating and visualising it, detecting and alerting on suspicious events, as well as supporting the investigation phase.

The SecOps team is diverse and distributed. You will be working remotely with people from Germany, Spain, United States, UK, and more. We meet via Zoom, brainstorm in Google docs, discuss in open GitHub issues, and chat on Slack.

Your future responsibilities:

Help us build, maintain, and support a world-class repository of security analytics content:

  • Create integrations with various network and security devices through their log events.
  • Create security oriented Kibana dashboards, and other investigative elements.
  • Create incident response playbooks.
  • Create rules to identify common attacker techniques and tactics, and to raise alarms.
  • Create machine learning jobs to detect elementary and complex attack behaviors.
  • Create and deploy data enrichment to facilitate the above detections.
  • Help the software development team prioritize their roadmap of features and capabilities.
  • Work with our support team to help customers, and answer community questions.

Required skills:

  • A thorough understanding of the cyber kill chain or similar attack progression models.
  • A solid understanding of software vulnerabilities and remote exploits.
  • Significant experience working as a SOC analyst, cyber investigator, threat hunter, or forensic investigator.
  • Familiarity with open source security projects, including threat intelligence platforms.
  • A good understanding of software engineering practices and automated testing.

Ideal Aptitude:

  • Security-oriented mindset. You like solving puzzles and finding ways into closed systems.
  • High level of attention to detail, revision control, and configuration management practices.
  • Ability to work inclusively in a distributed team throughout the world.
  • A passion for “finding evil”.

Target Locations: Toronto, Canada; Vancouver, Canada; Atlanta, GA; Austin, TX; Baltimore, MD; Boston, MA; Boulder, CO; Chicago, IL; Dallas, TX; Denver, CO; Detroit, MI; Houston, TX; Los Angeles, CA; Miami, FL; Minneapolis, MN; Nashville, TN; New York City, NY; Philadelphia, PA; Phoenix, AZ; Portland, OR; Raleigh, NC; Richmond, VA; Sacramento, CA; San Diego, CA; San Francisco, CA; San Jose, CA; Seattle, WA; Copenhagen, Denmark; Nice, France; Paris, France; Lisbon, Portugal; Dublin, Ireland; Berlin, Germany; Dusseldorf, Germany; Frankfurt, Germany; Hamburg, Germany; Warsaw, Poland; Krakow, Poland; Munich, Germany; Tel Aviv, Israel; Amsterdam, The Netherlands; Oslo, Norway; Barcelona, Spain; Madrid, Spain; Stockholm, Sweden; Zurich, Switzerland; Edinburgh, United Kingdom; Glasgow, United Kingdom; London, United Kingdom; Manchester, United Kingdom; Washington, DC; Belfast, United Kingdom; Pittsburgh, PA; Louisville, KY; Indianapolis, IN; Cleveland, OH; Eindhoven, NL.

Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.