Updated 2026-07-02 14:00 UTC·© 2025–2026 RoleSuite

Elasticsearch Lead Engineer - SIEM Platform

Vanguard · Malvern, PA

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Elasticsearch Lead Engineer - SIEM Platform:

  • Architect and maintain high-availability Elasticsearch clusters supporting large-scale security event ingestion

  • Define and enforce Elastic Common Schema (ECS) field mappings across all data sources, ensuring consistent normalization for detection rules and analytics

  • Design and develop custom data ingestion pipelines using Elasticsearch

  • Integrate with AWS services including S3, Kinesis Data Streams, Lambda, and CloudWatch for log collection

  • Manage AWS infrastructure: EC2, S3, IAM, and Secrets Manager - using AWS CloudFormation

  • Implement data lifecycle management - hot/warm/cold/frozen tier strategies, ILM policies, and snapshot/restore to S3-based data lakes

  • Partner with Detection Engineering and Threat Intelligence teams to optimize index strategies, queries, and dashboards in Kibana

  • Establish and maintain cluster security controls: TLS/mTLS, role-based access control (RBAC), audit logging, and encryption at rest

  • Build resilient, fault-tolerant architectures: cross-cluster replication, shard allocation awareness, and disaster recovery runbooks

  • Perform activities related to platform health monitoring and upgrade / patching

  • Troubleshoot and manage production technical issues related to Elasticsearch cloud 

  • Define and enforce SLOs for ingestion latency, query performance, and cluster availability

  • Mentor junior engineers and establish best practices, runbooks, and architectural standards


Qualifications

  • Minimum of six years related work experience.

  • Undergraduate degree in a related field or the equivalent combination of training and experience.

  • 6+ years of Elasticsearch / Elastic Stack (ELK) experience in a production security or observability environment

  • Deep understanding of Elastic Common Schema (ECS) and experience mapping diverse log sources (Windows, Linux, network, cloud, EDR) to ECS

  • Hands-on experience operating Elasticsearch at scale (10TB+/day ingest, 100+ node clusters)

  • Proficiency with AWS - Kinesis, S3, IAM, CloudTrail, and AWS-native log sources

  • Experience with data streaming platforms - Apache Kafka, or Confluent Platform - for high-throughput event ingestion

  • Experience integrating with data lake platforms - AWS S3 / Lake Formation, Data Lake, or Apache Iceberg for long-term retention and threat hunting

  • Strong understanding of security principles: least privilege, network segmentation, secrets management, audit logging

  • Experience building resilient systems: replication topologies, capacity planning, chaos engineering mindset, and documented DR procedures

  • Proficiency with infrastructure-as-code tools (Terraform, Ansible, or CDK) (Optional)

Preferred Qualifications

  • Elastic Certified Engineer or Elastic Certified Analyst certification

  • Experience with Elastic Security / SIEM detection rules, ML jobs, and Timeline investigations

  • Familiarity with MITRE ATT&CK framework and how it informs index and detection design

  • Experience with container-based deployments of Elastic (ECK / Kubernetes)

  • Knowledge of compliance frameworks: SOC 2, PCI-DSS, HIPAA, or FedRAMP

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.

Security pay context

Based on 1,690 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $179K (10th–90th percentile: $95K–$215K).
