"Alerted.org

Job Description

Insight Global is supporting a mission-focused customer seeking a highly skilled Elastic Defend Architect. This individual will play a critical role in designing, scaling, and sustaining enterprise-grade endpoint detection and response (EDR) capabilities using the Elastic Security ecosystem. The position blends deep technical expertise in Elasticsearch platforms with specialized knowledge of endpoint protection, security analytics, and operational resilience.

This role partners closely with security operations, platform engineering, and cloud teams to deliver reliable, high-performance security architectures that support critical cybersecurity missions.

Lead the architecture, design, and implementation of Elastic Defend solutions across large-scale, distributed enterprise environments

Deploy and manage Elastic Agent and Fleet Server architectures, including enrollment workflows, endpoint security policies, and security integrations

Design and operate highly available, scalable Elasticsearch clusters optimized for Elastic Security and EDR workloads

Develop and refine data ingestion pipelines for endpoint telemetry, audit events, alerts, and other security-relevant data sources

Optimize Elastic Security performance using index strategies, ILM lifecycle tuning, ECS alignment, and ingest pipeline enhancements

Build and sustain observability and monitoring frameworks with Kibana and related Elastic tools to ensure visibility into cluster health and endpoint operations

Implement logging, metrics, and tracing capabilities to enable real-time monitoring, detection, and operational awareness

Analyze and visualize security datasets in support of threat hunting, anomaly detection, and investigative workflows

Diagnose and resolve issues related to Elastic Defend agent behavior, endpoint policy enforcement, performance constraints, and integration challenges

Enforce data security, integrity, and compliance standards across Elastic Security components

Collaborate with SOC, Incident Response, DevOps, cloud, and platform teams to ensure architecture aligns with operational and mission needs

Serve as a technical subject matter expert, providing mentorship, architectural guidance, and best-practice recommendations

Produce and maintain technical documentation, including architecture diagrams, deployment guides, runbooks, and operational procedures

Stay current on Elastic Security advancements, endpoint threat evolution, and emerging cybersecurity technologies

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Skills and Requirements

Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.

Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.

Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.

Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).

Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.

Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.

Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.