A&M Technologies is seeking an experienced Elastic Defend Architect to join a Managed Security Service Provider (MSSP) team. The role involves designing, deploying, and optimizing Elastic Defend and Elastic Security solutions in large-scale environments, with a focus on endpoint security, observability, and integration with Elasticsearch infrastructure.
Responsibilities
- Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
- Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
- Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
- Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
- Improve Elastic Security performance through index management, ILM tuning, mapping optimization, and ingest pipeline enhancements.
- Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
- Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
- Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
- Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
- Ensure data integrity, security, and compliance across all Elastic Security components.
- Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
- Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
- Document system architectures, runbooks, deployment patterns, procedures, and best practices.
- Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.
Requirements
- Outstanding verbal and written communication abilities.
- Ability and willingness to support domestic or international on-site travel as needed.
- Possess and maintain a valid U.S. Passport.
- Must have a Secret clearance, at minimum.
Nice to Have
- Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.
- Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
- Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
- Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).
- Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.
- Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.
- Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.
- Familiarity with search/indexing technologies such as Solr or Lucene is a plus.
Tech Stack
Elastic Defend, Elastic Security, Elasticsearch, Kibana, Fleet Server, EDR, SIEM, AWS, Azure, GCP, Linux, Unix, Python, PowerShell, Bash, Solr, Lucene
Work Arrangement
onsite
Team
Team size: not specified. Structure: cross-functional team including SOC, Incident Response, DevOps, cloud, and platform engineering. Reports to: not specified
Additional Information
- Must have a Secret clearance, at minimum.
- Possess and maintain a valid U.S. Passport.
- Ability and willingness to support domestic or international on-site travel as needed.
