Security Solutions - Senior Engineer (Elastic Common Schema)


Full Time
Elastic logo
Apply now

Posted 1 month ago

Elastic is a search company with a simple goal: to solve the world's data problems with products that delight and inspire. As the creators of the Elastic Stack, we help thousands of organizations including Cisco, eBay, Grab, Goldman Sachs, ING, Microsoft, NASA, The New York Times, Wikipedia, and many more use Elastic to power mission-critical systems. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. We have a distributed team of Elasticians across 30+ countries (and counting), and our diverse open source community spans over 100 countries. Learn more at

More about Security Solutions

The Elastic Security Solutions team is building a new solution that will become the center of the Elastic security analytics offerings. The Elastic stack is already very popular among the security analyst community, and the Security team has the opportunity to significantly improve the user experience and workflows of security analysts. Challenges include collecting all the relevant data, aggregating and visualising it, detecting and alerting on suspicious events, as well as supporting the investigation phase.

The  team is diverse and distributed. You will be working remotely with people from Germany, Spain, United States, United Kingdom, and more. We meet via Zoom, brainstorm in Google docs, discuss in open GitHub issues, and chat on Slack.

Senior Engineer- Elastic Common Schema

The Elastic Common Schema (ECS) is an open source specification, developed with support from the Elastic user community. ECS defines a common set of fields to be used when storing event data in Elasticsearch, such as logs and metrics.

As Senior Engineer on the ECS team, you will be part of a team developing high quality field mappings for various use cases such as security and observability. As part of the ECS team, you’ll be deeply involved in working with the community, enrich ECS with new mappings as part of regular release cadence. Being part of the ECS team also means working very closely with Ingest, Security and Observability teams to understand their requirements and promote ECS at the same time. Working on ECS requires being creative in building a future-proof schema. 

What you will be doing

  • Join the ECS team alongside other team members, working on enriching the common field mapping schema.
  • Research and add new file mappings into the schema as part of a regular release.
  • As part of the release, work closely with other teams in Elastic to fit various use cases into ECS.
  • Find creative ways of promoting and converting the data into Elastic Common Schema.
  • Continuously work with the community to understand their needs and incorporate suggestions.
  • Help build and improve various artifacts that help users adopt ECS and unlock its potential.
  • Working closely with the documentation team at every step to improve the overall user experience.

What you will bring along

  • Development experience with Python or Ruby
  • A good understanding of the Elastic Stack
  • Experience exploring data with Kibana
  • Understanding of Elasticsearch mapping types
  • Experience with parsing logs and events (ideally in the context of security or observability)
  • Experience in correlating events from multiple sources, or threat hunting
  • Mastery of the english language; especially in its written form.
  • Ability to work independently in a globally distributed team.
  • Nice to have: Experience working on an endeavour that requires future-proofing. E.g. another common data schema, API design, developing a parts-numbering system, etc.

Additional Information - We Take Care of Our People

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Competitive pay based on the work you do here and not your previous salary
  • Health coverage for you and your family in many locations
  • Ability to craft your calendar with flexible locations and schedules for many roles
  • Generous number of vacation days each year
  • Double your charitable giving — we match up to 1% of your salary
  • Up to 40 hours each year to use toward volunteer projects you love
  • Embracing parenthood with minimum of 16 weeks of parental leave

Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.