A&M Technologies, Inc. is hiring an Elastic Defend Architect to join our Managed Security Service Provider (MSSP) team. This role combines Elasticsearch engineering with a deep focus on Elastic Security and EDR to build, optimize, and maintain high-performing Elastic Defend environments that support mission-critical cybersecurity operations.
What You'll Do
- Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
- Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
- Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
- Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
- Improve Elastic Security performance through index management, ILM tuning, mapping optimization, and ingest pipeline enhancements.
- Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
- Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
- Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
- Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
- Ensure data integrity, security, and compliance across all Elastic Security components.
- Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
- Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
- Document system architectures, runbooks, deployment patterns, procedures, and best practices.
- Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.
What We're Looking For
- Outstanding verbal and written communication abilities.
- Ability and willingness to support domestic or international on-site travel as needed.
- Possess and maintain a valid U.S. Passport.
- Must have a Secret clearance, at minimum.
Nice to Have
- Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.
- Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
- Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
- Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).
- Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.
- Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.
- Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.
- Familiarity with search/indexing technologies such as Solr or Lucene is a plus.
Technical Stack
- Elastic Defend, Elastic Security, Elasticsearch, Kibana
- Linux/Unix, AWS, Azure, GCP
- Python, PowerShell, Bash
- Solr, Lucene
Team & Environment
You will work within our Managed Security Service Provider (MSSP) team, collaborating closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams.
A&M Technologies, Inc. is an equal opportunity employer.
