Security Research Engineer II – Threat Research & Detection Engineering
Elastic
about 1 month ago
Toronto, Canada
Mid Level / Senior
H1B Sponsor
Responsibilities
- Create and refine detection logic across multiple domains using Elastic data sources.
- Validate rule behavior through functional testing and iterative tuning.
- Evaluate attack paths and contribute to coverage improvements throughout the kill chain.
- Analyze multi-source telemetry to uncover detection opportunities.
- Support cloud security validation efforts for AWS, Azure, or GCP detections.
- Collaborate with senior researchers to test new detection approaches.
- Use simulation tools or scripted tests to generate telemetry and validate detection behavior.
- Participate in Elastic Security Labs efforts and community knowledge sharing.
Requirements
- Solid security experience with a strong understanding of attacker behaviors in telemetry.
- Experience in detection engineering, threat research, or related blue-team roles.
- Ability to write or validate detections using EQL, KQL, SQL, or similar query languages.
- Familiarity with MITRE ATT&CK and its application to mapping detection coverage.
- Strong analytical and problem-solving skills, especially around false positives.
- Clear communication skills and willingness to learn from senior researchers.
Benefits
- Competitive pay based on the work you do, not previous salary.
- Health coverage for you and your family in many locations.
- Flexible locations and schedules for many roles.
- Generous vacation days each year.
- Financial donation matching up to $2000.
- Up to 40 hours each year for volunteer projects.
- Minimum of 16 weeks of parental leave.
Tech Stack
AWS, Azure, Bash, Google Cloud Platform, PowerShell, Python, SQL
Categories
Security