Sr. Elastic Defend Architect

ECS is seeking a Sr. Elastic Defend Architect to work in our Colorado Springs, CO office.  

Are you passionate about the ever-evolving world of cybersecurity and eager to make a positive and lasting impact? Join our team at ECS, a leading provider of advanced solutions in cloud, cybersecurity, artificial intelligence (AI), data, and enterprise transformation. If you're seeking a challenging yet rewarding role where you can architect cutting-edge endpoint security capabilities, strengthen your skills, and collaborate with experts across disciplines, this opportunity is perfect for you.

We are seeking an experienced Elastic Defend Architect to join our ECS Managed Security Service Provider (MSSP) team. The ideal candidate will possess deep expertise in Elastic Defend, Elastic Security, and Elasticsearch, with strong experience designing and implementing scalable, resilient endpoint security architectures. This role combines the engineering rigor of Elasticsearch/observability management with the specialized focus of Elastic Security and EDR. You will work closely with cross-functional teams to build, optimize, and maintain high-performing Elastic Defend environments that support mission-critical cybersecurity operations.

Responsibilities

• Architect, design, and deploy Elastic Defend across large and distributed enterprise environments.
• Configure and manage Fleet Servers, agent enrollment workflows, endpoint security policies, and security integrations.
• Design and maintain scalable Elasticsearch clusters supporting Elastic Security workloads.
• Build and optimize ingestion pipelines for endpoint telemetry, audit logs, alerts, and other security-relevant data.
• Improve Elastic Security performance through index management, ILM tuning, ECS mapping optimization, and ingest pipeline enhancements.
• Develop and maintain observability frameworks using Kibana and related tooling, ensuring complete visibility into cluster and EDR operations.
• Implement and support logging, metrics, and tracing systems needed for real-time monitoring and detection.
• Analyze and visualize datasets to support threat hunting, anomaly detection, and operational insights.
• Troubleshoot Elastic Defend agent behavior, endpoint policy issues, resource conflicts, and integration failures.
• Ensure data integrity, security, and compliance across all Elastic Security components.
• Collaborate closely with SOC, Incident Response, DevOps, cloud, and platform engineering teams to align architecture with mission requirements.
• Provide technical guidance, mentoring, and subject-matter expertise to internal teams and external stakeholders.
• Document system architectures, runbooks, deployment patterns, procedures, and best practices.
• Stay up to date on emerging Elastic Security capabilities, endpoint threat trends, and evolving cybersecurity technologies.

Salary Range: $150,000 - $190,000

General Description of Benefits

• Outstanding verbal and written communication abilities.
• Ability and willingness to support domestic or international on-site travel as needed.
• Possess and maintain a valid U.S. Passport.
• Must have a Secret clearance, at minimum.