Sr. Elastic Defend Architect (SECRET CLEARANCE REQUIRED)

A&M Technologies is  seeking an experienced Elastic Defend Architect to join our partner's Managed Security Service Provider (MSSP) team. The ideal candidate will possess deep expertise in Elastic Defend, Elastic Security, and Elasticsearch, with strong experience designing and implementing scalable, resilient endpoint security architectures. This role combines the engineering rigor of Elasticsearch/observability management with the specialized focus of Elastic Security and EDR. You will work closely with cross-functional teams to build, optimize, and maintain high-performing Elastic Defend environments that support mission-critical cybersecurity operations.

Responsibilities

• Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
• Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
• Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
• Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
• Improve Elastic Security performance through index management, ILM tuning, mapping optimization, and ingest pipeline enhancements.
• Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
• Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
• Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
• Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
• Ensure data integrity, security, and compliance across all Elastic Security components.
• Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
• Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
• Document system architectures, runbooks, deployment patterns, procedures, and best practices.
• Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.

Required Skills

• Outstanding verbal and written communication abilities.
• Ability and willingness to support domestic or international on-site travel as needed.
• Possess and maintain a valid U.S. Passport.
• Must have a Secret clearance, at minimum.

Desired Skills

• Experience architecting or administering Elastic Security / Elastic Defend solutions in production environments.
• Certifications such as Elastic Certified Engineer, Elastic Certified Analyst, or Elastic Security Engineer.
• Strong understanding of SIEM and EDR concepts and hands-on experience with platforms such as Elastic, Splunk, QRadar, LogRhythm, or Sentinel.
• Proficiency with Linux/Unix systems, networking fundamentals, and cloud environments (AWS, Azure, GCP).
• Experience with DevOps/SRE methodologies, including automation, CI/CD, configuration management, and infrastructure-as-code.
• Strong scripting abilities in Python, PowerShell, or Bash for automation and data transformation.
• Deep knowledge of modern threat landscapes, endpoint attack techniques, and defensive security controls.
• Familiarity with search/indexing technologies such as Solr or Lucene is a plus.

Powered by JazzHR