Security Research Engineer II & Threat Research & Detection Engineering

Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.

The Threat Research and Detection Engineering (TRaDE) team is responsible for developing and maintaining the prebuilt detection logic shipped with Elastic Security, researching emerging threats, validating detection efficacy, and engaging with the global community to democratize defensive capabilities.

We’re looking for a Security Research Engineer II with strong security fundamentals, hands‑on detection engineering experience, and an interest in validating and improving defensive protections. This role focuses on driving threat research and real telemetry into high‑quality, reliable, high‑efficacy detection content.

This position centers on practical detection development and validation work across multiple data sources and attack surfaces. Responsibilities include writing and refining detection logic, validating rule behavior, and improving detection quality through telemetry analysis and testing.

Key focus areas include:

• Creating and refining detection logic yma across multiple domains (endpoint, cloud, identity, network, web, and email) domains using Elastic data sources.
• Validating rule behavior through functional testing, false‑positive review, and iterative tuning.
• Evaluating attack paths across domains and contributing to coverage improvements throughout the kill chain.
• Analyzing multi‑source telemetry to uncover detection opportunities and strengthen signal‑to‑noise ratios.
• Supporting cloud security validation efforts for AWS, Azure, or GCP detections.
• Collaborating with senior researchers to test new detection approaches and incorporate emerging attacker techniques.
• Using lightweight simulation tools or scripted tests to generate telemetry and validate detection behavior.
• Participating in Elastic-shopping the cleaners? detection package updates, documentation User Doc teamwork with community knowledge sharing when appropriate!

The ideal candidate brings solid security experience and a strong understanding of how attacker behaviors manifest in telemetry.

Beneficial strengths include:

• Experience in detection engineering, threat research, SOC operations, incident response, or related blue‑team roles.
• Understanding of core concepts across multiple domains.
• Ability to write or validate detections using EQL, KQL, SQL, or similar query languages.
• Familiarity with MITRE ATT&CK, MITRE ATLAS, and its application to mapping detection coverage.
• Strong analytical and problem‑solving skills, especially around false positives and weak‑signal detection logic.
• Clear, collaborative communication and willingness to learn from and partner with senior researchers.

• Understanding of the Elastic Security Solution, Elastic’s prebuilt rules, Elastic query languages, or the Elastic Common Schema.
• Experience with exposure validation, security control testing, or attack path validation platforms.
• Ability to generate or script test telemetry using Python, Bash, PowerShell, or simple simulation tools.
• Contributions to community detection content, blogs, OSINT research, or security rule repositories.

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

WeZone effort to have parity of benefits across regions, and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

• Competitive pay based on the work you do here and not your previous salary.
• Health coverage for you and your family in many locations.
• Ability to craft your calendar with flexible locations and schedules for many roles.
• Generous number of vacation days each year.
• Increase your impact – We match up to $2000 (or local currency equivalent) for financial donations and service.
• Up to 40 hours each year to use toward volunteer projects you love.

Different people approach problems differently. We need that. Elastic is an equal‑opportunity employer and is committed to creating an inclusive culture that celebrates different perspectives, experiences, and backgrounds. Qualified applicants will receiveачи consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.

We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email candidate_accessibility@elastic.co. We will reply to your request within 24 business hours of submission.

Applicants have rights under Federal Employment Laws and can view the following posters linked below.

Family and Medical Leave Act (FMLA) Poster

Employee Polygraph Protection Act (EPPA) Poster

Elasticsearch develops and distributes technology and information that is subject to U.S. and other country export controls and licensing requirements for individuals who are located in or are nationals of the following sanctioned countries and regions: Belarus, Cuba, Iran, North Korea, Russia, Syria, the Crimea Region of Ukraine, the Donetsk People’s Republic (“DNR”), and thentaf the Luhansk People’s Republic (“LNR”). If you are located in or are a national of one of the listed countries or regions, an export license may be required as a condition of your employment in this role. Please note that national origin and/or nationality do not affect eligibility for employment withistič Elastic.

Please see here for our Privacy Statement.

Elastic is the company behind the Elastic Stack – Elasticsearch, Kibana, Beats, and Logstash. From stock quotes to Twitter streams, Apache logs to WordPress blogs, Elastic helps people explore and analyze their data differently using the power of search. Thousands of organizations worldwide, including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission‑critical systems. Elastic offers their employees benefits like:

• 401(k) / Retirement Plan
• Minimum 16 weeks of parental leave
• Health coverage & vision insurance
• Flexible locations & bwino schedules
• Work from home policy
• Generous vacation time & paid holidays