InfoSec - Vulnerability Management Analyst

United States

Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.

We’re always searching for outstanding people who have a real passion for what they do and are masters at their craft! We are looking for a Vulnerability Management Analyst to help drive the growth and maturity of our VM Program, enabling Elastic to achieve the highest compliance and security standards.

The InfoSec Product Security team is accountable for the security of all Elastic software and cloud services. We foster customer trust and empower Elastic to weave security into the fabric of our product development and Elastic Cloud platforms. In a globally distributed company, we think differently about achieving critical security and compliance objectives.

Are you passionate about performing through uncertainty and leading a forward-thinking security vulnerability management process? Then we should have a conversation!

• Responsible for our FedRAMP High procedures, including Continuous Monitoring (ConMon) and audit preparations.
• Carry out policies and perform VM procedures to support FedRAMP and DoD IL5 compliance requirements in a distributed multi-cloud environment.
• Collaborate with Product and Governance teams to ensure the effectiveness of the vulnerability management service for multiple compliance frameworks.
• Operate tooling to ensure scan coverage and hardening of Host VMs, Databases, Containers, Web Applications, APIs, and other cloud services.
• Engage with Product Development, Site Reliability Engineering, IT, and other collaborators to ensure timely and efficient remediation of vulnerabilities.
• Help scale and mature our VM service to optimize our approach to meeting new standards and requirements across multiple frameworks in a fast-paced engineering ecosystem.

• Demonstrated experience operating Vulnerability Management services in a FedRAMP environment (preferably FedRAMP High & DoD Impact Level 5). Participating in compliance audits, evidence gathering, and audit interviews.
• Proven track record for driving vulnerability management procedures in distributed cloud environments.
• Experience with vulnerability scanning platforms such as Qualys, Rapid7, Tenable, or similar tools.
• Experience with cloud platforms (AWS, GCP, Azure)
• Outstanding spoken and written communication skills in an asynchronous distributed environment.
• Bonus: Experience with any Elastic products (Elasticsearch, Kibana, Elastic Agent, Beats, Elastic Cloud, Logstash, Elastic Security).

Compensation for this role is in the form of base salary. This role does not have a variable compensation component.

The typical starting salary range for new hires in this role is listed below. In select locations (including Seattle WA, Los Angeles CA, the San Francisco Bay Area CA, and the New York City Metro Area), an alternate range may apply as specified below.

These ranges represent the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the ranges may be modified in the future.

An employee's position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs.

Elastic believes that employees should have the opportunity to share in the value that we create together for our shareholders. Therefore, in addition to cash compensation, this role is currently eligible to participate in Elastic's stock program. Our total rewards package also includes a company-matched 401k with dollar-for-dollar matching up to 6% of eligible earnings, along with a range of other benefits offered with a holistic emphasis on employee well-being.

The typical starting salary range for this role is:

$110,900 - $175,500 USD

The typical starting salary range for this role in the select locations listed above is:

$133,200 - $210,700 USD

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

• Competitive pay based on the work you do here and not your previous salary
• Health coverage for you and your family in many locations
• Ability to craft your calendar with flexible locations and schedules for many roles
• Generous number of vacation days each year
• Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
• Up to 40 hours each year to use toward volunteer projects you love
• Embracing parenthood with minimum of 16 weeks of parental leave

Different people approach problems differently. We need that. Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.

We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email candidate_accessibility@elastic.co We will reply to your request within 24 business hours of submission.

Please see here for our Privacy Statement.

* indicates a required field

First Name *

Last Name *

Preferred First Name

Email *

Phone

Location (City) *

Resume/CV *

Accepted file types: pdf, doc, docx, txt, rtf

Have you operated Vulnerability Management services in a FedRAMP-authorized environment (FedRAMP High or DoD Impact Level 5 preferred)? * Select...

Professional Profile (LinkedIn, Github, Website, etc)

Will you require Elastic's sponsorship to continue or extend your work authorization status? * Select...

In what countries do you have the unrestricted right to work? *

Please list your most recent country of citizenship or permanent residency. *

Would you require an export license to access Elastic’s technology? (Individuals who are not U.S. citizens, legal permanent residents of the U.S., or protected individuals under the U.S. Immigration and Naturalization Act (8 U.S.C.1324b(a)(3)) AND who are nationals of Belarus, Cuba, Iran, North Korea, Russia, Syria, the Crimea Region of Ukraine, Donetsk People’s Republic (“DNR”), and the Luhansk People’s Republic (“LNR”) would require an export license to access or discuss Elastic’s proprietary technology that relates to source code that enables encryption functionality. * Select...

Gender Pronouns (She/Her/Hers, He/Him/His, They/Them/Theirs, etc.)

Please acknowledge that you have reviewed our privacy statement at the bottom of our job posting. For additional details, please see our privacy statement linked below. * Select...

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Referral Board’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Form CC-305 Page 1 of 1 OMB Control Number 1250-0005 Expires 04/30/2026
Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

• Alcohol or other substance use disorder (not currently using drugs illegally)
• Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
• Blind or low vision
• Cancer (past or present)
• Cardiovascular or heart disease
• Celiac disease
• Cerebral palsy
• Deaf or serious difficulty hearing
• Diabetes
• Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
• Epilepsy or other seizure disorder
• Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
• Intellectual or developmental disability
• Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
• Missing limbs or partially missing limbs
• Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
• Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
• Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
• Partial or complete paralysis (any cause)
• Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
• Short stature (dwarfism)
• Traumatic brain injury