Cloud Defensive Security Engineer (Elastic)

Adevinta

Remote

EUR 60.000 - 80.000

Full-time

Today

Vacancy description

A global digital marketplace leader is seeking a Defensive Security Engineer to manage and evolve their Elastic-based detection platform. This role requires strong expertise in Elastic and a collaborative approach to work with security and engineering teams. Key responsibilities include operating the Elastic stack, managing telemetry pipelines, and implementing detection content. Candidates should have over 4 years in a relevant role, along with strong analytical skills and communication abilities. The company offers a hybrid work environment with attractive benefits.

Benefits

Attractive Base Salary
Annual bonus participation
Work From Anywhere policy
24/7 Employee Assistance Program
Collaborative work environment

Qualifications

  • Strong hands-on experience designing, operating and troubleshooting Elastic deployments.
  • Experience with infrastructure-as-code to deploy and manage infrastructure.
  • Good understanding of core security and SOC concepts.

Responsibilities

  • Own and evolve the Elastic-based detection and observability platform.
  • Redesign and operate the Elastic stack as a core part of the Defensive platform.
  • Collaborate with engineering teams and SOC to translate threat scenarios into detections.

Skills

Elastic operations
Log telemetry pipeline building
Kibana proficiency
Understanding of distributed systems
Scripting/automation skills

Education

4+ years of experience in a relevant role

Tools

AWS
GCP
Terraform
Kubernetes

Job description

We're Adevinta, a global leader in digital marketplaces. Our household name brands, including Marktplaats in the Netherlands, mobile.de in Germany and leboncoin in France, reach hundreds of millions of people every month.

We're all about matchmaking, and our sites help people find whatever they're looking for in their local communities - whether it's a car, an apartment, a sofa or a new job. Every connection made or item found makes a difference by creating a world where people share more and waste less.

Our brands are supported by global Tech Hubs in Barcelona, Amsterdam, Paris and Berlin. Their goal is to develop common global products and innovation platforms which all of our brands can use. This means using cutting edge technology to create highly scalable, customisable and secure products and components that free up development time and leverage our access to global data.

What you'll do & Who you are

As a Defensive Security Engineer, you will be part of the Cloud Defense team within Security Operations. Your main objective is to own and evolve our Elastic-based detection and observability platform, enabling "Defense as a Service" for security and engineering teams across the company.

You will combine strong Elastic expertise with solid Infra/DevSecOps practices to elevate our detection capabilities to the next level. We don't expect you to be a deep security expert from day one. What we need is someone strong on Elastic and platform engineering who enjoys working with security engineers, SOC analysts and incident responders, and is happy to grow their security skills on the job.

You will be instrumental in ensuring that Adevinta's security strategy covers industry-relevant security standards. The Cloud Defense team is part of the Information Security department where your team will collaborate with other services such as Vulnerability Management, Bug Bounty programs, and SPLC Security among others.

Responsibilities

You will join the Cloud Defense team, responsible for consolidating and scaling our operational defensive security capabilities across our multi-cloud environments (AWS and GCP), platforms and applications.

You will be supporting the team in the following areas:

  • Redesign, evolve and operate our Elastic stack (Elasticsearch, Kibana, Elastic Security/Observability) as a core part of the Defensive platform.
  • Own the ingestion pipelines for security and infrastructure telemetry (e.g. AWS/GCP audit logs, EDR telemetry, OS/syslog from Linux fleets and key application logs from our core products), including Beats/Agents, ingest pipelines and index lifecycle management.
  • Pragmatically optimise Elastic for performance, scalability, cost and reliability (index strategy, shard planning, hot/warm/cold, retention policies).
  • Define and maintain standards and templates for indices, data streams, mappings and dashboards.
  • Implement and maintain detection content in Elastic (KQL/EQL queries, rules, anomaly jobs) following defense-as-code practices: versioning, code reviews, testing and CI/CD.
  • Collaborate with engineering teams, SOC and Incident Response to translate threat scenarios and cloud/runtime risks into Elastic rules, alerts and dashboards.
  • Improve detections to reduce false positives and improve signal quality, based on feedback from SOC, IR and product teams.
  • Contribute to internal tooling that improves detection engineering (e.g. shared rule templates, test harnesses, linters, rule packaging).
  • Manage Elastic infrastructure, data pipelines, and content deployments using IaC tools (Terraform, CloudFormation) and CI/CD platforms (GitHub Actions, Argo CD).
  • Integrate Elastic with other security and cloud services (e.g. EDR agents, cloud-native security tools, ticketing, notification channels, SOAR) to support end-to-end defensive workflows.
  • Support the hardening and security of the Elastic platform (access control, encryption, secrets, network policies, backups and recovery).
  • Treat Elastic as a product: maintain a roadmap, backlog, changelog and documentation for the platform's security capabilities.
  • Provide self-service onboarding patterns for product and platform teams (data ingestion blueprints, dashboards, reference queries, runbooks).
  • Partner with Cloud, SRE, Platform and Application teams to ensure the right telemetry is available for runtime security, incident response and troubleshooting.
  • Build and maintain simple and clear dashboards that show data coverage, detection health and ingest reliability over time.
  • Level up the team's Elastic skills by treating detections as data problems: help colleagues design data models, queries and pipelines that scale, and coach them on performance, cost and reliability trade‑offs at our volume.

Qualifications

Must-have

  • Strong hands‑on experience designing, operating and troubleshooting Elastic deployments in production (on‑prem or cloud‑managed).
  • Experience building and operating log/telemetry pipelines into Elastic (Filebeat/Metricbeat/other Beats, Elastic Agent, Logstash, ingest pipelines).
  • Proficiency with Kibana: dashboards, visualisations, Lens, saved searches, alerting and spaces.
  • Solid understanding of distributed systems basics relevant to Elastic (indexing, sharding, replication, cluster health).
  • Elastic Certified Engineer (or equivalent depth of experience); certification is a plus.

Infra / DevSecOps and Cloud

  • Experience with infrastructure-as-code (e.g. Terraform, Ansible, CloudFormation) to deploy and manage infrastructure.
  • Experience with CI/CD pipelines (GitHub Actions, Jenkins, etc.) to automate configuration and infrastructure deployments.
  • Hands‑on experience with Linux systems, containers and Kubernetes (EKS or vanilla deployments).
  • Experience with public cloud environments, preferably AWS and/or GCP (cloud logging, IAM basics, network fundamentals).

Security Knowledge

  • Good understanding of core security and SOC concepts: logs vs events vs alerts, detections, triage and investigations.
  • Familiarity with threat detection concepts (TTPs, attacker behaviours, basic MITRE ATT&CK navigation) and how they map to logs and signals.
  • Understanding of common cloud and application security risks (e.g. misconfigurations, credential misuse, suspicious access patterns).
  • Willingness and curiosity to grow security expertise working next to teams of seasoned security professionals.

General

  • 4+ years of experience in a relevant role (e.g. Platform / Observability Engineer, Elastic Engineer, DevOps/Cloud Engineer, Security Engineer working heavily with Elastic).
  • Strong scripting / automation skills in at least one language (e.g. Go, Bash, Python).
  • Strong analytical and problem‑solving abilities.
  • Excellent communication and documentation skills, ability to work effectively with both engineers and security specialists in a distributed and fast‑paced environment.

Nice to have:

  • Practical experience with Elastic Security or SIEM capabilities (detection rules, timelines, cases, EQL/KQL for threat detection).
  • Hands‑on experience integrating Elastic with EDR / runtime security tools (e.g. CrowdStrike) or cloud‑native security services.
  • Experience with SOAR tools or building automation around alert handling and incident response.
  • Prior work in a Cloud Security / Cloud Defense / SecOps team.
  • Contributions to open‑source projects, security libraries or public talks/blog posts about Elastic, observability or security.
  • Relevant certifications like Elastic, Cloud Security, Kubernetes or DevOps related.

Benefits

Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits:

  • An attractive Base Salary
  • Participation in our Short Term Incentive plan (annual bonus)
  • Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon… just make sure you have an internet connection!
  • A 24/7 Employee Assistance Program for you and your family, because we care
  • Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow

On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters!

Adevinta is an equal opportunity employer and we value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

If you feel like you don't meet all of the requirements for this role but are interested, please consider applying anyway. Research suggests that women and individuals from underrepresented groups may self‑select out of opportunities if they don't meet 100% of the job requirements. We strongly encourage people from historically excluded groups to apply and look forward to speaking with you.
