Mediabistro logo
job logo

Elasticsearch Lead Engineer - SIEM Platform

The Vanguard Group · Lees Cross Roads, PA, USA ·

Pay:
100.000 - 130.000
Job type:
Full Time

Global Risk and Security

(GR&S) at

Vanguard

enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk‑informed decisions.

Within GR&S, the

Enterprise Security and Fraud

(ES&F) sub‑division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state‑of‑the‑art security and fraud capabilities. We are a world‑class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever‑changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long‑term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work‑life balance, and an investment in your future at its core.

Elasticsearch Lead Engineer - SIEM Platform

Architect and maintain high‑availability Elasticsearch clusters supporting large‑scale security event ingestion

Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics

Design and develop custom data ingestion pipelines using Elasticsearch

Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection

Manage AWS infrastructure: EC2, S3, IAM, and Secrets Manager – using AWS CloudFormation

Implement data lifecycle management – hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3‑based data lakes

Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana

Establish and maintain cluster security controls: TLS/mTLS, role‑based access control (RBAC), audit logging, and encryption at rest

Build resilient, fault‑tolerant architectures: cross‑cluster replication, shard allocation awareness, and disaster recovery runbooks

Perform activities related platform health monitoring and upgrade / patching

Troubleshoot and manage production technical issues related to Elasticsearch cloud

Define and enforce SLOs for ingestion latency, query performance, and cluster availability

Mentor junior engineers and establish best practices, runbooks, and architectural standards

Qualifications

Minimum of six years related work experience.

Undergraduate degree in a related field or the equivalent combination of training and experience.

6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment

Deep understanding of

Elastic Common Schema (ECS)

and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS

Hands‑on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)

Proficiency with

AWS

– Kinesis, S3, IAM, CloudTrail, and AWS‑native log sources

Experience with

data streaming platforms

– Apache Kafka, or Confluent Platform – for high‑throughput event ingestion

Experience integrating with

data lake platforms

– AWS S3 / Lake Formation, Data Lake, or Apache Iceberg for long‑term retention and threat hunting

Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging

Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures

Proficiency with infrastructure‑as‑code tools (Terraform, Ansible, or CDK) (Optional)

Preferred Qualifications

Elastic Certified Engineer or Elastic Certified Analyst certification

Experience with

Elastic Security / SIEM

detection rules, ML jobs, and Timeline investigations

Familiarity with MITRE ATT&CK framework and how it informs index and detection design

Experience with container‑based deployments of Elastic (ECK / Kubernetes)

Knowledge of compliance frameworks: SOC 2, PCI‑DSS, HIPAA, or FedRAMP

Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.

#J-18808-Ljbffr