Information Security - Principal Detection Engineer


Elastic is a search company built on a free and open heritage. Anyone can use Elastic products and solutions to get started quickly and frictionlessly. Elastic offers three solutions for enterprise search, observability, and security, built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real time and at scale. Thousands of organizations worldwide, including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe and is publicly traded on the NYSE under the symbol ESTC. Learn more at

Please note that this is a 100% remote position.

As a Principal Detection Engineer at Elastic you are helping Elastic deliver safe and secure products and services to our customers, users, and fellow Elasticians. You will be responsible for developing and tuning detections across a wide variety of sources that include multiple cloud providers, CI/CD environments, SaaS services, user workstations, and much more. You’ll partner with teams company-wide to learn about Elastic’s threat landscape and adapt our monitoring as a result. You’ll also help support incident response activities by providing expertise in log analysis during security events. You’ll have access to all the tools in the Elastic Stack and to the folks who build the Elastic Stack to provide feedback and suggestions to make our stack better for everyone. If doing all of this excites you, then we’d love to meet you!

What you would be doing:

  • Build detections to identify malicious activity leveraging the Elastic Security solution
  • Build new detection mechanisms beyond what is provided by Elastic Stack solutions to identify malicious and other potentially undesired activities and behaviors
  • Document detections and initial response actions as code so that response analysts have a playbook 
  • Continually review and tune existing detections for appropriateness, coverage, and to eliminate noise
  • Identify additional log sources that would close visibility gaps and work with security engineering to onboard those log sources
  • Identify areas for workflow automation, context enrichment, and other enhancements to the alerting workflow leveraging our SOAR platform or Elastic Stack native capabilities
  • Partner with the product team on new features, bug fixes, and detection ideas to transfer ideas into features
  • Provide feedback and testing of pre-release versions of the Elastic Stack to identify potential bugs at scale before they are released to our customers
  • Share with our community how we leverage the Elastic Stack to keep Elastic safe through blog posts, webinars, meetups, and other opportunities
  • Mentor and coach other team members in Information Security on best practices in the industry

What you bring along:

  • Seasoned experience designing, implementing, and performing monitoring and detection in a complex, global environment
  • Demonstrated ability to think innovatively about solving critical security problems
  • Curiosity for research and uncovering the unknown about cyber behavior
  • Experience analyzing threat profiles and indicators to develop unique techniques detecting threat actor activity
  • A passion for applying data and behavioral sciences to the world of information security
  • Experience with scripting and coding is a plus, especially in Python
Additional Information - We Take Care of Our People

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Competitive pay based on the work you do here and not your previous salary
  • Health coverage for you and your family in many locations
  • Ability to craft your calendar with flexible locations and schedules for many roles
  • Generous number of vacation days each year
  • Double your charitable giving - We match up to $1500 (or local currency equivalent)
  • Up to 40 hours each year to use toward volunteer projects you love
  • Embracing parenthood with minimum of 16 weeks of parental leave

Different people approach problems differently. We need that. Elastic is committed to diversity as well as inclusion. We are an equal opportunity employer and committed to the principles of affirmative action. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. If you require any reasonable accessibility support, please complete our Candidate Accessibility Request Form.

Applicants have rights under Federal Employment Laws, view posters linked below:
Family and Medical Leave Act (FMLA) Poster; Equal Employment Opportunity (EEO) Poster; and Employee Polygraph Protection Act (EPPA) Poster.

Please see here for our Privacy Statement.

Learn about Elastic's Culture

Notify Me of Open Positions

Sign in with your social account to receive emails when Elastic posts open positions you might be interested in:

Powered By Ongig