Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.
Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
Elasticsearch Lead Engineer - SIEM Platform:
Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion
Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics
Design and develop custom data ingestion pipelines using Elasticsearch
Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection
Manage AWS infrastructure: EC2, S3, IAM, and Secrets Manager - using AWS CloudFormation
Implement data lifecycle management - hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes
Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana
Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest
Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks
Perform activities related platform health monitoring and upgrade / patching
Troubleshoot and manage production technical issues related to Elasticsearch cloud
Define and enforce SLOs for ingestion latency, query performance, and cluster availability
Mentor junior engineers and establish best practices, runbooks, and architectural standards
Qualifications
Minimum of six years related work experience.
Undergraduate degree in a related field or the equivalent combination of training and experience.
6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment
Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS
Hands-on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)
Proficiency with AWS - Kinesis, S3, IAM, CloudTrail, and AWS-native log sources
Experience with data streaming platforms - Apache Kafka, or Confluent Platform - for high-throughput event ingestion
Experience integrating with data lake platforms - AWS S3 / Lake Formation, Data Lake, or Apache Iceberg for long-term retention and threat hunting
Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging
Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures
Proficiency with infrastructure-as-code tools (Terraform, Ansible, or CDK) (Optional)
Preferred Qualifications
Elastic Certified Engineer or Elastic Certified Analyst certification
Experience with Elastic Security / SIEM detection rules, ML jobs, and Timeline investigations
Familiarity with MITRE ATT&CK framework and how it informs index and detection design
Experience with container-based deployments of Elastic (ECK / Kubernetes)
Knowledge of compliance frameworks: SOC 2, PCI-DSS, HIPAA, or FedRAMP
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Based on 1,690 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $179K (10th–90th percentile: $95K–$215K).
See the full Security salary breakdown →