Sr. Elastic Defend Analyst jobs in United States

ECS · 10 hours ago

Sr. Elastic Defend Analyst

ECS is a leading managed cybersecurity services provider specializing in tailored cybersecurity solutions. The Sr. Elastic Defend Analyst role focuses on using Elastic Security to detect threats, investigate incidents, and enhance customer protection while collaborating across technical and operational domains.

Artificial Intelligence (AI), Cloud Infrastructure, Compliance, Consulting, Cyber Security, Information Technology, Machine Learning, Security, Software

No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Deploy, configure, and tune Elastic Defend agents across customer endpoints
Monitor, analyze, and respond to endpoint telemetry, alerts, and detections generated by Elastic Defend
Create and refine endpoint detection rules, exceptions, and response workflows to minimize false positives and strengthen threat coverage
Leverage Elastic SIEM to correlate events across logs, endpoints, cloud, and network sources
Build dashboards, detection rules, visualizations, and analytics that provide actionable intelligence to customers
Perform root-cause analysis on alerts and incidents, producing clear and detailed technical reports
Conduct proactive hunts within Elastic Security using endpoint data, process behavior, and threat intelligence
Investigate emerging threats, vulnerabilities, and adversary TTPs to enhance detection capabilities
Contribute to continuous improvement of customer defenses by identifying gaps and proposing enhancements
Support incident triage, containment, remediation, and recovery using Elastic Defend and SIEM capabilities
Analyze malicious files, processes, persistence mechanisms, and attacker behavior on compromised endpoints
Assist customers during large-scale or targeted breach investigations
Develop custom detections, machine learning jobs, ingest pipeline logic, and endpoint response actions
Use scripting (Python, PowerShell, etc.) to automate repetitive tasks, enrich data, or streamline investigations
Evaluate new Elastic Security features and contribute recommendations for customer adoption
Collaborate with threat intelligence, SOC, threat hunting, and engineering teams to improve customer protection
Provide clear, actionable guidance to technical and non-technical stakeholders
Share best practices on Elastic Defend configuration, tuning, and operational use

Qualifications

Elastic Defend, Elastic SIEM, Cybersecurity concepts, Scripting (Python), Scripting (PowerShell), Incident response, Threat hunting, Analytical skills, Security Operations Center (SOC), Adversary techniques, Entry-level cybersecurity certification, Communication skills, Problem-solving skills, Collaboration skills

Required

2+ years of cybersecurity experience, preferably in detection, incident response, or endpoint security
Strong hands-on expertise with Elastic Defend for EDR/endpoint telemetry, detection rule creation, and agent management
Proficiency with Elastic SIEM, Kibana dashboards, ingest pipelines, and related Elastic Security components
Solid understanding of cybersecurity concepts (network protocols, malware behavior, encryption, threat actor TTPs)
Strong analytical skills for interpreting endpoint and log data to detect anomalies
Scripting experience (Python, PowerShell, or similar) for automation and data manipulation
Experience creating or tuning SIEM/EDR rules, dashboards, and security content
Excellent written and verbal communication skills
Ability to work in a fast-paced environment with strong problem-solving skills
Able and willing to perform planned domestic or international travel
Must possess and maintain a U.S. Passport
Secret clearance required (minimum)

Preferred

Relevant certifications such as Elastic Certified Analyst, CISSP, CEH, GCIH, or similar
Experience working in a Security Operations Center (SOC)
Hands-on with EDR, SIEM, SOAR, and ticketing workflows
Familiarity with adversary techniques and frameworks (MITRE ATT&CK)
Ability to support ad-hoc scripting and automation across multiple languages
Possession of an entry-level cybersecurity certification (A+, Net+, Sec+, GSEC, etc.)

Company

ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.

Funding

Current Stage: Late Stage
Total Funding: unknown
2018-01-31: Acquired
2015-04-10: Private Equity

Leadership Team

Keith McCloskey
VP / Chief Technology Officer
Ryan Garner
Chief Financial Officer
Company data provided by crunchbase