As a Defensive Security Engineer, you will be part of the Cloud Defense team within Security Operations. Your main objective is to own and evolve our Elastic-based detection and observability platform, enabling “Defense as a Service” for security and engineering teams across the company.
You will combine strong Elastic expertise with solid Infra/DevSecOps practices to elevate our detection capabilities to the next level. We don’t expect you to be a deep security expert from day one. What we need is someone strong on Elastic and platform engineering who enjoys working with security engineers, SOC analysts and incident responders, and is happy to grow his security skills on the job.
You will be instrumental in ensuring that Adevinta’s security strategy covers industry-relevant security standards. The Cloud Defense team is part of the Information Security department where your team will collaborate with other services such as Vulnerability Management, Bug Bounty programs, and SPLC Security among others.
What you will do:
You will join the Cloud Defense team, responsible for consolidating and scaling our operating defensive security capabilities for our multi-cloud (AWS and GCP environments), platforms and applications.
You will be supporting the team in the following areas:
Redesign, evolve and operate our Elastic stack (Elasticsearch, Kibana, Elastic Security/Observability) as a core part of the Defensive platform.
Own the ingestion pipelines for security and infrastructure telemetry (e.g. AWS/GCP audit logs, EDR telemetry, OS/syslog from Linux fleets and key application logs from our core products), including Beats/Agents, ingest pipelines and index lifecycle management.
Pragmatically optimise Elastic for performance, scalability, cost and reliability (index strategy, shard planning, hot/warm/cold, retention policies).
Define and maintain standards and templates for indices, data streams, mappings and dashboards.
Implement and maintain detection content in Elastic (KQL/EQL queries, rules, anomaly jobs) following defense-as-code practices: versioning, code reviews, testing and CI/CD.
Collaborate with engineering teams, SOC and Incident Response to translate threat scenarios and cloud/runtime risks into Elastic rules, alerts and dashboards.
Improve detections to reduce false positives and improve signal quality, based on feedback from SOC, IR and product teams.
Contribute to internal tooling that improves detection engineering (e.g. shared rule templates, test harnesses, linters, rule packaging).
Manage Elastic infrastructure, data pipelines, and content deployments using IaC tools (Terraform, CloudFormation) and CI/CD platforms (GitHub Actions, Argo CD).
Integrate Elastic with other security and cloud services (e.g. EDR agents, cloud-native security tools, ticketing, notification channels, SOAR) to support end-to-end defensive workflows.
Support the hardening and security of the Elastic platform (access control, encryption, secrets, network policies, backups and recovery).
Treat Elastic as a product: maintain a roadmap, backlog, changelog and documentation for the platform’s security capabilities.
Provide self-service onboarding patterns for product and platform teams (data ingestion blueprints, dashboards, reference queries, runbooks).
Partner with Cloud, SRE, Platform and Application teams to ensure the right telemetry is available for runtime security, incident response and troubleshooting.
Build and maintain simple and clear dashboards that show data coverage, detection health and ingest reliability over time.
Level up the team’s Elastic skills by treating detections as data problems: help colleagues design data models, queries and pipelines that scale, and coach them on performance, cost and reliability trade-offs at our volume.
Qualifications:
Must-have
Strong hands-on experience designing, operating and troubleshooting Elastic deployments in production (on-prem or cloud-managed).
Experience building and operating log/telemetry pipelines into Elastic (Filebeat/Metricbeat/other Beats, Elastic Agent, Logstash, ingest pipelines).
Proficiency with Kibana: dashboards, visualisations, Lens, saved searches, alerting and spaces.
Solid understanding of distributed systems basics relevant to Elastic (indexing, sharding, replication, cluster health).
Elastic Certified Engineer (or equivalent depth of experience), however certification is a plus.
Infra / DevSecOps and Cloud
Experience with infrastructure-as-code (e.g. Terraform, Ansible, CloudFormation) to deploy and manage infrastructure.
Experience with CI/CD pipelines (GitHub Actions, Jenkins, etc…) to automate configuration and infrastructure deployments.
Hands-on experience with Linux systems, containers and Kubernetes (EKS or vanilla deployments).
Experience with public cloud environments, preferably AWS and/or GCP (cloud logging, IAM basics, network fundamentals).
Security Knowledge
Good understanding of core security and SOC concepts: logs vs events vs alerts, detections, triage and investigations.
Be familiar with threat detection concepts (TTPs, attacker behaviours, basic MITRE ATT&CK navigation) and how they map to logs and signals.
Understanding of common cloud and application security risks (e.g. misconfigurations, credential misuse, suspicious access patterns).
Willingness and curiosity to grow security expertise working next to teams of seasoned security professionals.
General
4+ years of experience in a relevant role (e.g. Platform / Observability Engineer, Elastic Engineer, DevOps/Cloud Engineer, Security Engineer working heavily with Elastic).
Strong scripting / automation skills in at least one language (e.g. Go, Bash, Python).
Strong analytical and problem-solving abilities.
Excellent communication and documentation skills, ability to work effectively with both engineers and security specialists in a distributed and fast-paced environment.
Nice to have:
Practical experience with Elastic Security or SIEM capabilities (detection rules, timelines, cases, EQL/KQL for threat detection).
Hands-on experience integrating Elastic with EDR / runtime security tools (e.g. CrowdStrike) or cloud-native security services.
Experience with SOAR tools or building automation around alert handling and incident response.
Prior work in a Cloud Security / Cloud Defense / SecOps team.
Contributions to open-source projects, security libraries or public talks/blog posts about Elastic, observability or security.
Relevant certifications like Elastic, Cloud Security, Kubernetes or DevOps related.
Additional information
Life at Adevinta comes with its perks! Our Adevintans enjoy the following benefits:
- An attractive Base Salary.
- Participation in our Short Term Incentive plan (annual bonus).
- Work From Anywhere: Enjoy up to 20 days a year of working from anywhere! Maybe not from the moon - well why not! just make sure you have internet connection!
- A 24/7 Employee Assistance Program for you and your family, because we care.
- Win together, lose together is one of our key behaviours. At Adevinta you will find a collaborative environment with an opportunity to explore your potential and grow.
On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters!
