Elastic Security Engineer - Cloud Defensive - 1 year contract
Job description
- Redesign and document the Elastic stack architecture (Elasticsearch, Kibana, Elastic Security/Observability) to serve as a scalable, reliable defensive platform for the duration of the contract and beyond.
- Deliver production-ready ingestion pipelines for security and infrastructure telemetry - AWS/GCP audit logs, EDR telemetry, OS/syslog from Linux fleets and key application logs - including Beats/Agents, ingest pipelines and index lifecycle management, with full documentation of design decisions.
- Produce and hand over optimisation recommendations and implementations for Elastic performance, scalability, cost and reliability, covering index strategy, shard planning, hot/warm/cold tiers and retention policies.
- Define and deliver reusable standards and templates for indices, data streams, mappings and dashboards that the team can maintain independently after contract completion.
- Implement detection content in Elastic (KQL/EQL queries, rules, anomaly jobs) using defense-as-code practices - versioning, code reviews, testing and CI/CD - and produce documentation sufficient for the permanent team to extend and maintain the content.
- Collaborate with engineering teams, SOC and Incident Response to translate threat scenarios into Elastic rules, alerts and dashboards, and iterate based on their feedback to reduce false positives and improve signal quality.
- Deliver internal tooling improvements to support detection engineering - shared rule templates, test harnesses, linters, rule packaging - with related documentation and handover notes.
- Manage infrastructure, data pipeline and content deployments using IaC tools (like Terraform or CloudFormation) and CI/CD platforms (like GitHub Actions, Argo CD), ensuring all IaC is version-controlled and documented.
- Integrate Elastic with relevant security and cloud services (EDR agents, cloud-native security tools, ticketing, notification channels, SOAR) and document integration patterns for ongoing team use.
- Produce self-service onboarding patterns - data ingestion blueprints, dashboards, reference queries, runbooks - designed for independent use by product and platform teams after the engagement ends.
- Deliver clear dashboards covering data coverage, detection health and ingest reliability, with documentation to support ongoing maintenance.
- Produce a final handover package at the end of the engagement including architecture documentation, a prioritised backlog of outstanding work and a knowledge transfer session with the permanent team.
Elastic and platform engineering expertise
International scope within Europe
Requirements
- Strong hands-on experience designing, operating and troubleshooting Elastic deployments in production (on-prem or cloud-managed), with the ability to make and document architecture decisions to a standard that allows a team to operate and extend the platform independently.
- Experience building and operating log and telemetry ingestion pipelines into Elastic using Filebeat, Metricbeat, Elastic Agent, Logstash and ingest pipelines, including index lifecycle management.
- Proficiency with Kibana across dashboards, visualisations, Lens, saved searches, alerting and spaces, with a track record of delivering maintainable, documented dashboard outputs.
- Solid understanding of distributed systems concepts relevant to Elastic: indexing, sharding, replication, cluster health, and performance and cost trade-offs at scale.
- Experience with infrastructure-as-code (Terraform, Ansible or CloudFormation) and CI/CD pipelines (GitHub Actions, Jenkins or equivalent) to deploy and manage infrastructure and automate configuration.
- Hands-on experience with Linux systems, containers and Kubernetes (EKS or vanilla deployments).
- Experience with public cloud environments, preferably AWS and/or GCP, covering cloud logging, IAM basics and network fundamentals.
- Good understanding of core security and SOC concepts - logs, events, alerts, detections, triage and investigations - sufficient to work effectively alongside security engineers and SOC analysts and translate their requirements into platform and detection deliverables.
- Familiarity with threat detection concepts including TTPs, attacker behaviours and basic MITRE ATT&CK navigation, and how these map to log sources and detection signals.
- Strong scripting and automation skills in at least one language such as Go, Bash or Python.
- Demonstrated ability to produce clear technical documentation, runbooks, architecture decision records and handover materials to a standard that enables a team to work independently after contract completion.
- At least 3 years of experience in a relevant role such as Platform or Observability Engineer, Elastic Engineer, DevOps or Cloud Engineer or Security Engineer working extensively with Elastic.
Nice to have
- Practical experience with Elastic Security or SIEM capabilities including detection rules, timelines, cases and EQL/KQL for threat detection.
- Hands-on experience integrating Elastic with EDR or runtime security tools such as CrowdStrike, or with cloud-native security services.
- Experience with SOAR tools or building automation around alert handling and incident response workflows.
- Prior work in a Cloud Security, Cloud Defense or SecOps team.
- Relevant certifications in Elastic, cloud security, Kubernetes or DevOps disciplines.
Benefits & conditions
- Attractive salary package
- Really flexible hybrid model (once per month at the office in Barcelona)
- Create and build solutions almost from scratch