Security Engineer
Senior Security Engineer leading Elastic SIEM and detection engineering, building scalable detection pipelines, enhancing telemetry quality, and creating high-confidence detections to accelerate security response.
WHAT YOU'LL DO
Elastic SIEM & Platform Engineering:
Own and optimize the Elastic Security platform (Elasticsearch, Kibana, Fleet, Logstash, Elastic Agents)
Design and maintain ingestion pipelines for cloud, endpoint, network, and application telemetry
Improve telemetry quality, data retention, performance, and investigation workflows
Integrate SIEM workflows with SOAR and automation tooling
Detection Engineering & Detection-as-Code:
Build and maintain a Detection-as-Code pipeline using Git-based workflows and CI/CD automation
Develop, test, tune, and maintain high-fidelity detections using Elastic Security, EQL, and KQL
Reduce alert noise through tuning, enrichment, suppression, and exception handling
Map detections to MITRE ATT&CK and help drive detection coverage strategy
Track detection quality metrics including alert fidelity, false positive rates, and coverage gaps
Incident Response Support:
Assist with complex alert escalations and perform initial incident scoping
Execute initial containment actions when necessary (endpoint isolation, IP/domain blocking, account suspension)
Participate in a low-frequency on-call rotation for critical incidents
Translate incident learnings into improved detections and telemetry coverage
Collaboration & Automation:
Partner with infrastructure, DevSecOps, and cloud teams to improve logging and visibility
Build automation and tooling using Python and/or PowerShell
Support purple team exercises and adversary simulations
WHO WE'RE LOOKING FOR
5+ years of cybersecurity engineering experience
3+ years focused on SIEM engineering, detection engineering, or security analytics
Strong hands-on experience with Elastic Security and the Elastic Stack
Experience building or maintaining Detection-as-Code workflows using Git and CI/CD pipelines
Strong understanding of detection tuning, alert fidelity, and operational detection quality
Ability to independently investigate complex alerts and produce actionable findings
Technical Experience:
Elastic Security, Kibana, Fleet, Elastic Agents, EQL/KQL
Detection engineering and MITRE ATT&CK mapping
Jenkins, Bitbucket Pipelines, GitHub Actions, or similar CI/CD tooling
Python and/or PowerShell scripting
AWS CloudTrail, VPC Flow Logs, Azure Monitor, or similar telemetry sources
TCP/IP, DNS, HTTP/S, and common attack patterns
Threat intelligence enrichment and operationalization
Nice to Have:
SOAR playbook development and automated response workflows
Sigma rule development
Elastic detection-rules ecosystem familiarity
Terraform or Ansible experience
Posted June 24, 2026