
Elasticsearch Engineer

Job Details

Experienced
Remote or - Phoenix, AZ
AZ - Phoenix, AZ
Fully Remote
Full Time
$135000.00 - $160000.00 Salary/year
None
Standard (8AM to 5PM)

Description

Summary

The Elasticsearch Engineer will continuously improve and scale the Elasticsearch infrastructure that powers our high-profile, high-visibility cybersecurity and risk-management platform. You will own the Elasticsearch clusters (provisioning, upgrades, backup/restore, and troubleshooting) managed with Ansible, and you will design, evolve, and operate data-ingest pipelines plus Elastic Fleet policies and integrations using Ansible.

This is a full-time, remote position. On-call rotation hours are required.

What You’ll Do

  • Meet professional obligations with efficient work habits—hit deadlines, honor schedules, and coordinate resources/meetings effectively.
  • Build strong cross-functional relationships with SecOps, SRE/Platform, Dev, and Compliance.
  • Maintain a professional image and adhere to all company policies/procedures.
  • Produce clear runbooks, diagrams, and training for junior staff; lead knowledge-shares.
  • Participate in and contribute to collaborative engineering/design reviews.
  • Plan and execute zero/minimal downtime Elasticsearch cluster upgrades with rollback and validation steps.
  • Implement and test cluster backups/restores; regularly perform DR exercises.
  • Diagnose and resolve cluster issues (performance, shards, mappings, ILM, security).
  • Create and maintain Elasticsearch ingest pipeline parsing (Grok, processors, ECS alignment, Painless).
  • Create and maintain index/component templates, ILM and SLM policies.
  • Create and maintain Elastic Agent integrations via Ansible, adapting data to Elastic Common Schema.
  • Build cluster, agent, and data ingest monitoring & alerting (throughput, latency, drop/error rates) with Kibana dashboards and ElastAlert; respond to incidents.
  • Capacity planning and performance tuning.
  • Own OS configuration management for Elastic nodes using Ansible (idempotent playbooks, CI validation).
  • Partner with Security to improve data quality, normalization, and retention policies.
  • “Other duties as assigned” in support of platform reliability and data integrity.

Qualifications

Minimum Qualifications

  • High School Diploma or GED equivalent, required.
  • Elastic Certified Engineer (ECE) or equivalent knowledge, required.
  • 2+ years hands-on Elasticsearch engineering in production, required.
  • Ansible experience for automated configuration management, required.
  • Extensive experience with Grok patterns and ingest pipeline parsing.
  • Experience with GitHub (PR workflow, code reviews, Actions/CI).
  • Some programming experience to be able to comprehend and troubleshoot existing PowerShell and Python scripts.

Nice to Have

  • ETL/data-engineering experience outside Elastic (e.g., Kafka, Fluent Bit, Airflow).
  • Programming in Bash, Python, PowerShell, Ruby or Go for tooling, automation, and QA.
  • Security certifications (e.g., CISSP, CISM, CISA, Security+, CEH).
  • Exposure to Elastic security features, RBAC, TLS, PII handling.
  • Experience with Elastic’s tooling such as Rally.
  • Familiarity with ECS, ILM, SLM, Hot-Warm-Cold architectures, index and component templates, data stream and concrete index strategies.
  • Experience with Linux hardening, systemd, and performance tuning for Elastic nodes.
  • Observability practices (SLOs, error budgets), and metrics/logs/traces integration.

Tools & Technologies You’ll Use

Elasticsearch, Kibana, Fleet, Elastic Agent, Grok, Painless, Ansible, Git, Linux, SSH, TLS/PKI, Python, PowerShell, Vault, Consul.

Success Metrics (First 6–12 Months)

  • Ability to create and manage custom pipelines with strict adherence to the Elastic Common Schema.
  • Zero-defect execution of at least one cluster upgrade with validated rollback plan.
  • Backups & restores documented and tested; RPO/RTO objectives met.
  • Pipeline error rate and data latency within defined SLOs; data quality KPIs improved.
  • Ansible playbooks and runbooks documented, peer-reviewed, and CI-validated.
  • Measurable reduction in MTTR for Elastic-related incidents.

 

Work Environment & Benefits

Trapp Technology and ArmorPoint take pride in a workplace defined by positivity, respect, and collaboration – where a strong work ethic, innovation, and mutual trust drive personal and company growth. We value our team members and offer a competitive benefit package, including health insurance, retirement benefits, generous paid time off, and more, as listed below:

  • 100% employer-funded insurance for employee-only medical, dental, and vision coverage
  • Generous employer-funded insurance for family medical, dental, and vision coverage
  • 401(k) plan with company match
  • Employer-sponsored life insurance
  • Paid parental leave
  • 3 weeks of paid time off, accrued annually
  • 8 company-paid holidays and 2 floating holidays each year
  • Certification and training reimbursement program for approved learning expenses
  • 100% remote position (must be located within an approved state in the United States)
  • On-call Rotation: 1 week on/1 week off
  • Company equipment provided

 
