This job is more than 15 days old, and might be outdated.
Elastic is hiring a

Security Operations Engineer


Job Description


Thanks to our ongoing expansion we have the opportunity to grow our Cloud Security Operations team. We’re a part of the Elastic Cloud team with a development, operations and security background who aren’t afraid to get our hands dirty.

We’re looking for people who are just as excited about troubleshooting issues with distributed systems as they are to automate, code and collaborate to solve problems with a strong focus on Security. You will be assisting the development and implementation of security controls to mitigate risks and threats but also participating in daily security operational tasks.


  • Develop and enhance security focused tooling for the Elastic Cloud product and infrastructure
  • Architect and maintain a SIEM infrastructure
  • Be a part of a Security Incident Response Team
  • Work closely with the SRE and Development team as well as third party auditors to ensure a smooth road to security compliance and adherence to regulations (SOC2, GDPR etc)
  • Demonstrate and promote Security best practices

Experience (in 2+ areas)

  • Web Application Security: Have you performed automated and manual testing against a large codebase? Can you identify and exploit an SQL injection vulnerability without using sqlmap? Kali Linux for PenTest, Burp or OWASP for security testing? Are you able to exploit XSS in something more meaningful than a PoC alert?
  • Network Security: Have you deployed perimeter scanners against a large network? Used Nessus / Snort / Bro and the likes and managed to get actionable information from them? Have you used Netflow to analyze traffic and used Wireshark to profile suspicious traffic? How is your TLS/VPN/L3-4 Cloud game?
  • Linux Systems / Containers Security: Hardened a VM with SELinux / AppArmor? Tweaked cgroups, created Seccomp profiles? Have you profiled an application to get the minimum syscall / kernel capabilities gamut required for it to run?
  • Compliance: Ever gotten through SOC2 or PCI? What about HIPAA?
  • Incident Response & Security Monitoring: Do you have a experience working in a Security Operations Center? Have you dealt with security incidents that required quick mitigation and extensive root cause analysis?
  • Identity and Access Management: Are you familiar with Authentication and Authorization protocols such as OIDC, OAuth and SAML? Deployed large scale LDAP / Kerberos?
  • Development consulting : Are you familiar with security principles for Software Engineering? Can you help developers build security in throughout the Software Development Life Cycle?

Key Skills

  • Desire to represent work in git, driven by a GitHub workflow through issues and pull requests and rigorous code reviews
  • Love open source development, and have contributed to some project somewhere (doesn’t have to be ours), whether it’s mailing lists, patches, documentation, etc.
  • Enjoy working remotely and the communication it requires
  • Love a diverse environment, worki
  • ng with men and women all over the world

Additional Information Competitive pay, medical, dental, vision, disability, benefits

  • 401k plan
  • Stock options
  • Fully remote, with optional coworking from an Elastic office (Mountain View, Amsterdam, Phoenix, etc.) or in your town
  • Lots of opportunities for conference travel, being in the community is encouraged, not just tolerated

Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.