Elastic Security Engineer (Detection Platforms)

United States, New York
Permanent
Job ID: 2353

Job Description


[Up to c. $350k Comp Package | Hybrid Working - 2 Days in Office]


Role Overview

We’re working with a leading global quantitative trading firm operating at the intersection of advanced research, large-scale distributed systems, and ultra-low-latency infrastructure. The firm is seeking an Elastic Security Engineer to strengthen the engineering foundations of its security operations capability. This is not a SOC analyst or alert-triage role. Instead, the focus is on building and scaling the data platforms that detection and response teams rely on. You’ll engineer the pipelines, integrations, and automation that allow security telemetry to be ingested, enriched, normalised, and analysed reliably at scale. Sitting close to infrastructure and platform engineering teams, this role is ideal for someone who understands how SOCs operate in practice, but who now prefers engineering systems over working tickets. If you enjoy turning noisy, fragmented data into high-quality detection signals - and doing so with code, automation, and rigour - this role is built for you...


Key Responsibilities

  • Design, implement, and evolve end-to-end security telemetry pipelines across the Elastic Stack, handling ingestion, parsing, mapping, enrichment, and visualisation at scale
  • Own and optimise Elasticsearch-based SIEM integrations, ensuring security data is accurate, searchable, performant, and operationally reliable
  • Build Python-based tooling and automation to support ingestion workflows, enrichment logic, and detection enablement
  • Integrate SIEM pipelines with adjacent security technologies, including SOAR, UEBA, and DLP, to support advanced detection and response use cases
  • Partner closely with detection engineers and incident responders to ensure telemetry supports real investigative workflows, not theoretical ones
  • Embed security data processing into CI/CD pipelines, enabling repeatable, version-controlled, and resilient deployments
  • Maintain and enhance DLP rules and data protection logic, ensuring sensitive information and intellectual property are effectively monitored
  • Apply UEBA techniques to support identification of subtle behavioural anomalies and insider risk scenarios
  • Troubleshoot complex data quality, parsing, and performance issues across Linux-based systems and distributed environments
  • Participate in light operational coverage during business hours and planned maintenance windows (this is not a 24/7 SOC role)


What You’ll Bring…

  • 5-9 years’ experience in security engineering, detection engineering, or senior SOC roles, with clear progression beyond alert triage
  • Deep, hands-on expertise with Elasticsearch and the Elastic Stack, particularly for SIEM-style security telemetry
  • Strong understanding of SIEM data models, log ingestion patterns, event normalisation, and correlation strategies
  • Practical experience working alongside or within SOC environments (L2-L3 level exposure strongly aligned)
  • Excellent Python scripting skills for automation, enrichment, and integration work
  • Experience tuning detection logic or supporting incident response in high-performance or research-led environments
  • Solid Linux fundamentals, including debugging, log analysis, and systems-level troubleshooting
  • Working knowledge of SOAR, UEBA, and DLP concepts and how they interact with SIEM platforms
  • Experience integrating security tooling into CI/CD workflows and automated deployment pipelines
  • A systems-oriented mindset - you care about scale, reliability, and maintainability as much as detection accuracy
  • Clear communication skills and the ability to translate between security, infrastructure, and engineering teams
  • (Preferred) Exposure to large-scale, high-throughput data processing systems
  • (Preferred) Background in financial services, trading, or similarly latency- and reliability-sensitive domains


...

