ZainTECH

Senior Cloud Protection Engineer

United Arab Emirates · Full-time · Mid-Senior

We are seeking an experienced Senior Cloud Protection Engineer to design, secure, and scale multi-tenant Elastic Stack platforms for our managed services customers across public, private, and hybrid clouds. You will serve as the technical lead for Elastic Cloud Enterprise (ECE) engineering, infrastructure security, and service management best practices—acting as a critical bridge between engineering, security operations, presales, and customer success teams. The role combines hands-on build responsibilities with service governance, mentorship, and continuous improvement leadership.


Responsibilities

Elastic Stack & SIEM Engineering:

  • Architect, deploy, and operate Elastic Cloud Enterprise (ECE) clusters in multi-region, multi-datacenter footprints.
  • Design customer-specific Elastic environments (ILM/SLM, cross-cluster search, sharding, searchable snapshots).
  • Build secure ingest pipelines (Elastic Agent, Logstash, REST API, Kafka, third-party collectors).
  • Enable Elastic Observability use cases: APM, metrics, distributed tracing (OpenTelemetry), and infrastructure visibility.
  • Develop ML-powered anomaly detection jobs and craft Sigma/KQL rules for threat hunting and MITRE ATT&CK coverage.


Cloud & Infrastructure Security:

  • Provision and harden workloads on AWS, Azure, GCP, VMware, and KVM; enforce OS baselines, IAM least privilege, WAFs, and Zero Trust controls.
  • Operate Kubernetes (K8s/K3s) and Docker environments; implement GitOps (Argo CD / Flux) and policy as code (OPA/Gatekeeper).
  • Automate infrastructure with Terraform, Ansible, and CI/CD pipelines; integrate security scans (SAST/DAST, image signing).
  • Manage PKI, SSL/TLS, mTLS service mesh encryption (Istio/Linkerd), and SSO (SAML, OIDC, OAuth2) integrations.


Service Management & Operational Excellence:

  • Embed ITIL v4 practices—Incident, Problem, Change, Release, and Continual Improvement—into runbooks and SIEM workflows.
  • Define SLIs/SLOs, error budgets, and reliability dashboards; lead blameless post-mortems and chaos engineering drills.
  • Partner with FinOps to optimize cloud spend and generate cost-to-serve reports for internal and customer stakeholders.
  • Maintain architecture decision records (ADRs), technical documentation, and automated runbooks.


Collaboration, Leadership & Customer Engagement:

  • Act as technical advisor to presales on sizing, PoCs, migration, and ROI/TCO modeling.
  • Mentor junior engineers, lead pair programming sessions, and deliver enablement workshops for SOC analysts and customers.
  • Coordinate with networking, compliance, and governance teams to map controls to ISO 27001, NIST CSF, UAE NESA IAS v2, and KSA NCA ECC.
  • Participate in high-severity incident response and cybersecurity investigations.


Requirements

  • Elastic Certified Engineer and Certified Kubernetes Administrator (CKA).
  • Proven track record managing large-scale, multi-tenant Elastic Stack and ECE deployments.
  • Deep expertise in index lifecycle management, ingest pipelines, Grok/regex, JSON/XML parsing, and ECS extensions.
  • Strong networking knowledge (L3/L7, load balancing, web traffic inspection, ACLs, VPN/Direct Connect/ExpressRoute).
  • Proficiency in Python, Bash, and PowerShell for automation, custom APIs, and data enrichment.
  • Hands-on experience with S3/object storage, NAS (NFS/iSCSI), Kafka/Kinesis, and distributed logging architectures.
  • Demonstrated application of ITIL/ITSM processes in a managed service provider or SRE environment.
  • Elastic Certified Observability Engineer or Elastic Certified Security Analyst.
  • Familiarity with alternative SIEMs (Splunk, Sentinel) to guide migration discussions.
  • Experience with OpenTelemetry, Prometheus, Grafana/Tempo, and k-NN vector search in Elastic/OpenSearch.
  • Knowledge of machine learning pipelines, MLOps, and GenAI/RAG integrations for automated incident summarization.
  • Exposure to Zero Trust architectures, supply chain security (SLSA, SBOM), and container image signing tools.
  • Excellent written and verbal communication skills; able to translate technical issues into business risk language.

Key Skills

cloud, kubernetes, siem, incident response, machine learning, cybersecurity, prometheus, powershell, terraform, ansible, storage, python, docker, vmware, splunk, kafka, mlops, bash, nist, itil, acls, cicd, saml, aws, gcp, ecs, nas
Posted: May 07, 2025
Type: Full-time
Level: Mid-Senior
Location: Dubai
Company: ZainTECH

Industries

IT Services IT Consulting

Categories

Information Technology
