Consulting Engineer - Security

What is The Role:

As a Consulting Engineer - Security, you will play a pivotal role in helping our customers realize the value of Elastic’s Security solutions. Acting as a trusted technical advisor, you will work with enterprises to design, deliver, and scale security architectures that strengthen detection, response, and resilience.

You’ll collaborate with Elastic’s Professional Services, Engineering, Product, and Sales teams to accelerate adoption of the Elastic Security platform, ensuring customers maximize the value of their data while improving their security posture. This is a highly impactful role, with opportunities to guide strategy, lead complex implementations, and mentor both customers and teammates.

What You Will Be Doing:

• Translate business and technical requirements into scalable, outcome-driven solutions built on the Elastic Stack.
• Lead end-to-end delivery of customer engagements — from discovery and design through implementation, enablement, and optimization.
• Partner with customers to architect, deploy, and operationalize Elastic solutions that drive measurable value and adoption.
• Provide technical oversight, guidance, and enablement to customers and teammates throughout project lifecycles.
• Collaborate cross-functionally with Sales, Product, Engineering, and Support to ensure successful outcomes and continuous improvement.
• Capture and share best practices, lessons learned, and solution patterns across the Elastic Services community.
• Contribute to internal enablement, mentoring, and a culture of continuous learning and collaboration.
• Guide customers in SIEM, endpoint, and cloud security use cases using Elastic Agents, Beats, Logstash, and related technologies.
• Design and implement detection rules, dashboards, visualizations, and alerts for critical security operations.
• Optimize ingestion pipelines for performance, scalability, and resiliency at enterprise scale.

What You Bring:

• 3+ years as a consultant, architect, or engineer with expertise in security, monitoring, or related domains.
• Proven experience deploying Elastic Security (SIEM, endpoint, cloud) or similar solutions (Splunk, QRadar, Arcsight, etc.) at enterprise scale.
• Strong experience with data ingestion, parsing, and normalization (Elastic Agents, Beats, Logstash, Kafka, Redis).
• Familiarity with threat detection, incident response workflows, and security analytics best practices.
• Hands-on expertise with distributed systems, large-scale infrastructure, and public cloud platforms (AWS, Azure, GCP).
• Ability to design and deliver dashboards, detections, and response workflows that drive actionable insights.
• Knowledge of common frameworks and standards (MITRE ATT&CK, NIST, ISO 27001, PCI-DSS).
• Proficiency in Linux and at least one programming or scripting language (e.g., Python, Java, PowerShell).
• Strong communication and presentation skills, with experience engaging directly with customers.
• Bachelor’s, Master’s, or PhD in Computer Science, Engineering, Cybersecurity, or related field, or equivalent experience.
• Comfortable working in highly distributed teams, both remote and on-site when needed.
• Willingness to travel up to 40%.

Bonus Points:

• Elastic Certified Engineer or deep expertise with Elasticsearch and Lucene.
• Big 4 consulting or equivalent professional services experience.
• Experience with endpoint security solutions such as Elastic Endpoint Security, EDR, or AV platforms.
• Knowledge of DevSecOps, Kubernetes, container security, and infrastructure-as-code tools (Terraform, Ansible).
• Experience contributing to open-source projects or documentation.
• Public speaking experience at conferences, meetups, or enterprise workshops.

Key skills/competency:

• Security Architecture
• Elastic Security Platform
• SIEM (Security Information and Event Management)
• Endpoint Security
• Cloud Security
• Data Ingestion (Beats, Logstash)
• Threat Detection & Response
• AWS, Azure, GCP
• Linux
• Python/Java/PowerShell