Incident Response Analyst II (R5568)


At Elastic, we see endless possibility in a world of endless data. And we use the power of search to help people and organizations turn that possibility into results. Elastic is the leading platform for search-powered solutions. With solutions in Enterprise Search, Observability, and Security, we help improve customer and employee search experiences, keep critical applications running smoothly, and protect against cyber threats. Elastic enables organizations worldwide to use the power of Elastic, including Netflix, Uber, BBC, Microsoft, and thousands of others.

Elastic was built on a foundation of being free and open, which trickles down to how we work. We’re a distributed organization and have been from the beginning. Being distributed isn’t just a way of doing business—it’s a mentality that is at the core of our culture.

As an Incident Response Analyst at Elastic, you are one of the front-line defenders for ensuring we are delivering safe and secure products and services to our customers, users, and fellow Elasticians. You will be responsible for reviewing and responding to alerts across a wide variety of sources that include multiple cloud providers, CI/CD environments, SaaS services, user workstations, and much more. Elastic is distributed globally by design, and we model our response practice around that same concept; enabling domain experts to respond with oversight from the Incident Response team and relying on you to provide oversight and guidance to these experts. You’ll also dive in and provide support in identifying what happened, who did it, when, and where to ensure we’ve accurately secured our environment during and after security events. If doing all of this with the Elastic Stack excites you, then we’d love to talk with you!

What You Will Be Doing:

  • Review and respond to alerts generated from our Elastic Detection Engine and other monitoring sources
  • Oversee and coordinate response activities that span multiple teams and products to ensure we are fully remediating and sufficiently mitigating any gaps in our security posture that become known through a security event or other incoming source
  • Provide feedback to the Detection Engineering team to improve the quality of detections by identifying false positives, enrichment opportunities, and automated response possibilities
  • Identify additional log sources that would close visibility gaps and work with security engineering to onboard those log sources
  • Identify additional integration points that would aid in event enrichment
  • Identify additional integration points that would enable new and/or improved automated response activities
  • Leverage the Threat Intelligence team to gather additional context for security events
  • Follow-up on security event after-action activities, such as lessons learned actions to close security gaps
  • Work with the Incident Response Lead to identify areas for improvement and develop plans to implement those improvements

What You Bring Along:

  • You’ve solved complex IT and security problems through log and system analysis (Incident Response, SRE, System Administration). If you’ve done this with the help of the Elastic Stack, even better!
  • You have demonstrated your ability to think innovatively about solving critical security problems.
  • You’ve coordinated response activities to resolve IT and security-related problems with the right people in a timely manner.
  • Experience with scripting is a plus, especially in Python.
  • Excellent written and verbal English communication skills.
Bonus Points:
  • Automation/Scripting Skills (Python, Bash, etc.)

Additional Information - We Take Care of Our People

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Competitive pay based on the work you do here and not your previous salary
  • Health coverage for you and your family in many locations
  • Ability to craft your calendar with flexible locations and schedules for many roles
  • Generous number of vacation days each year
  • Double your charitable giving - We match donations 1:1 up to $1500 USD (or local currency equivalent)
  • Up to 40 hours each year to use toward volunteer projects you love.
  • Embracing parenthood with minimum of 16 weeks of parental leave

Different people approach problems differently. We need that. Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.

We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email We will reply to your request within 24 business hours of submission.

Applicants have rights under Federal Employment Laws, view posters linked below:
Family and Medical Leave Act (FMLA) Poster; Equal Employment Opportunity (EEO) Poster; and Employee Polygraph Protection Act (EPPA) Poster.

Please see here for our Privacy Statement.

Learn More About Elastic's Culture

Notify Me of Open Positions

Sign in with your social account to receive emails when Elastic posts open positions you might be interested in:

Powered By Ongig