Acronis is a global leader in cyber protection, delivering AI-powered protection for productive MSPs in a single, natively integrated platform. They are seeking a Senior Security Engineer to lead their Elastic SIEM and Detection Engineering program, focusing on building scalable detection pipelines and improving telemetry quality. This role involves significant ownership and the opportunity to shape detection engineering across the organization.
Responsibilities:
- Own and optimize the Elastic Security platform (Elasticsearch, Kibana, Fleet, Logstash, Elastic Agents)
- Design and maintain ingestion pipelines for cloud, endpoint, network, and application telemetry
- Improve telemetry quality, data retention, performance, and investigation workflows
- Integrate SIEM workflows with SOAR and automation tooling
- Build and maintain a Detection-as-Code pipeline using Git-based workflows and CI/CD automation
- Develop, test, tune, and maintain high-fidelity detections using Elastic Security, EQL, and KQL
- Reduce alert noise through tuning, enrichment, suppression, and exception handling
- Map detections to MITRE ATT&CK and help drive detection coverage strategy
- Track detection quality metrics including alert fidelity, false positive rates, and coverage gaps
- Assist with complex alert escalations and perform initial incident scoping
- Execute initial containment actions when necessary (endpoint isolation, IP/domain blocking, account suspension)
- Participate in a low-frequency on-call rotation for critical incidents
- Translate incident learnings into improved detections and telemetry coverage
- Partner with infrastructure, DevSecOps, and cloud teams to improve logging and visibility
- Build automation and tooling using Python and/or PowerShell
- Support purple team exercises and adversary simulations
Requirements:
- 5+ years of cybersecurity engineering experience
- 3+ years focused on SIEM engineering, detection engineering, or security analytics
- Strong hands-on experience with Elastic Security and the Elastic Stack
- Experience building or maintaining Detection-as-Code workflows using Git and CI/CD pipelines
- Strong understanding of detection tuning, alert fidelity, and operational detection quality
- Ability to independently investigate complex alerts and produce actionable findings
- Elastic Security, Kibana, Fleet, Elastic Agents, EQL/KQL
- Detection engineering and MITRE ATT&CK mapping
- Jenkins, Bitbucket Pipelines, GitHub Actions, or similar CI/CD tooling
- Python and/or PowerShell scripting
- AWS CloudTrail, VPC Flow Logs, Azure Monitor, or similar telemetry sources
- TCP/IP, DNS, HTTP/S, and common attack patterns
- Threat intelligence enrichment and operationalization
- SOAR playbook development and automated response workflows
- Sigma rule development
- Elastic detection-rules ecosystem familiarity
- Terraform or Ansible experience
- Previous SOC or Incident Response background