Senior Security Engineer - Elastic SIEM and Detection Engineering

Acronis
Burlington, Massachusetts 01805 United States
Posted: Jun 09, 2026
  • Full Time
  • Public Safety
  • Summary

    Acronis is a global leader in cyber protection, delivering AI-powered protection for productive MSPs in a single, natively integrated platform that unifies operations management, cybersecurity, and data protection. Driven by our mission to protect, manage and automate every workload that businesses and lives depend on, we've built the industry's only all-in-one solution.

    What You'll Do

    Elastic SIEM & Platform Engineering
    • Own and optimize the Elastic Security platform (Elasticsearch, Kibana, Fleet, Logstash, Elastic Agents)
    • Design and maintain ingestion pipelines for cloud, endpoint, network, and application telemetry
    • Improve telemetry quality, data retention, performance, and investigation workflows
    • Integrate SIEM workflows with SOAR and automation tooling

    Detection Engineering & Detection-as-Code
    • Build and maintain a Detection-as-Code pipeline using Git-based workflows and CI/CD automation
    • Develop, test, tune, and maintain high-fidelity detections using Elastic Security, EQL, and KQL
    • Reduce alert noise through tuning, enrichment, suppression, and exception handling
    • Map detections to MITRE ATT&CK and help drive detection coverage strategy
    • Track detection quality metrics including alert fidelity, false positive rates, and coverage gaps

    Incident Response Support
    • Assist with complex alert escalations and perform initial incident scoping
    • Execute initial containment actions when necessary (endpoint isolation, IP/domain blocking, account suspension)
    • Participate in a low-frequency on-call rotation for critical incidents
    • Translate incident learnings into improved detections and telemetry coverage

    Collaboration & Automation
    • Partner with infrastructure, DevSecOps, and cloud teams to improve logging and visibility
    • Build automation and tooling using Python and/or PowerShell
    • Support purple team exercises and adversary simulations

    Who We're Looking For
    • 5+ years of cybersecurity engineering experience
    • 3+ years focused on SIEM engineering, detection engineering, or security analytics
    • Strong hands-on experience with Elastic Security and the Elastic Stack
    • Experience building or maintaining Detection-as-Code workflows using Git and CI/CD pipelines
    • Strong understanding of detection tuning, alert fidelity, and operational detection quality
    • Ability to independently investigate complex alerts and produce actionable findings

    Technical Experience:
    • Elastic Security, Kibana, Fleet, Elastic Agents, EQL/KQL
    • Detection engineering and MITRE ATT&CK mapping
    • Jenkins, Bitbucket Pipelines, GitHub Actions, or similar CI/CD tooling
    • Python and/or PowerShell scripting
    • AWS CloudTrail, VPC Flow Logs, Azure Monitor, or similar telemetry sources
    • TCP/IP, DNS, HTTP/S, and common attack patterns
    • Threat intelligence enrichment and operationalization

    Nice to have:
    • SOAR playbook development and automated response workflows
    • Sigma rule development
    • Elastic detection-rules ecosystem familiarity
    • Terraform or Ansible experience
    • Previous SOC or Incident Response background

    What Success Looks Like
    • 30 Days: Validate telemetry sources and establish initial detection coverage baseline
    • 90 Days: Operational Detection-as-Code pipeline with initial custom detections deployed
    • 180 Days: Reduced alert noise, improved coverage visibility, and stabilized SIEM operations

    Compensation & Benefits
    The US pay range for this position is $123,000–$180,000. This range reflects the minimum and maximum total target annual compensation for this role across all U.S. locations. The actual compensation offered at the start of employment is determined based on factors including, but not limited to, experience level, knowledge, skills, and geographic location. In addition to competitive compensation, this role includes a comprehensive benefits package featuring medical, dental, and vision coverage, flexible spending accounts (FSA), disability and life insurance, a 401(k) retirement plan with company match, and a generous vacation policy.

    Equal Employment Opportunity
    Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.

  • ABOUT THE COMPANY

    • Government Careers

    Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

    Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

    Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.


Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.