Senior Offensive Security Engineer - Detection & Adversary Research
Job description
The Threat Research and Detection Engineering (TRaDE) team is responsible for developing and maintaining the prebuilt detection logic shipped with Elastic Security, researching emerging threats, validating detection efficacy, and engaging with the global community to democratize defensive capabilities.
We're looking for a Senior Offensive Security Engineer with a strong adversarial perspective and hands-on offensive engineering skills. This role focuses on strengthening detections, surfacing bypasses, improving telemetry usage, and building internal capabilities that help us stay ahead of attackers. If you enjoy digging into real-world tradecraft and using it to elevate defensive engineering, this might be the perfect fit!
Curious if this role fits you?
- Enjoy uncovering how attackers really think?
- Interested in shaping detections used by thousands of organizations worldwide?
- Love building tools that make defenders better?
What you'll be doing:
Instead of traditional red-team campaigns or long-form assessments, the work centers on focused, high-impact offensive research and engineering:
- Partnering with detection engineers and researchers to validate logic, challenge assumptions, and uncover evasions.
- Running targeted adversarial tests to explore realistic attacker behaviors and improve detection coverage.
- Creating internal tooling that generates telemetry, mimics attacker techniques, or automates validation workflows.
- Analyzing exploit behavior, payload mechanics, and attacker tradecraft, occasionally using lightweight reverse engineering when it directly supports detection work.
- Identifying telemetry gaps or weak signals and collaborating with engineering teams to improve visibility.
- Contributing to purple-team style initiatives by translating offensive findings into durable, production-ready detections.
- Sharing research and insights through Elastic Security Labs, blogs, workshops, or community engagements.
- Keeping up with attacker trends, tools, and evasion techniques to help guide our detection roadmap.
What you bring:
Candidates often bring experience from offensive security, adversarial R&D, red teaming, exploit research, or offensive tooling development. A strong engineering mindset and curiosity about how attackers think tend to be excellent signals for success.
Requirements
- Proficiency with scripting languages like Python, PowerShell, or Bash; familiarity with C/C++ for PoCs or bypass tools.
- Experience researching evasions, testing detection boundaries, or probing SIEM/EDR/cloud detection systems.
- Understanding exploit behavior, OS internals, telemetry sources, and attacker tradecraft.
- Knowledge of MITRE ATT&CK and common offensive frameworks, with the ability to adapt tooling when needed.
- Clear communication when collaborating with defenders such as SOC analysts, detection engineers, or incident responders.
- A creative and inquisitive approach to security problems, and an interest in helping defenders win!
Bonus:
- Experience writing or contributing to detections for SIEM, EDR, cloud environments, or related platforms.
- Understanding of the Elastic Security Solution, Elastic's prebuilt rules, Elastic query languages, or the Elastic Common Schema.
- Experience developing offensive testing frameworks, telemetry generators, or automated detection QA pipelines.
- Contributions to open-source security tools, research publications, technical blog posts, or conference talks.
- Knowledge of RE tools like Ghidra or IDA (useful occasionally, but not a core part of the job).