Job Description

5ironCyber security operations solutions provide comprehensive detection and response, 24/7/365. We actively respond to events as they occur, requiring less bandwidth from our clients and taking the action needed to eliminate the threat before it causes disruption to client business or data. This approach enabled 5ironCyber to be named to the Inc. 5000 list of fastest-growing private companies in the US in 2025, for the fourth consecutive year. 5ironCyber redefines industry expectations by taking an active role in the protection of our clients. Delivering 24/7 "eyes on" cybersecurity defense solutions effectively minimizes cyber risk inside these organizations. Our Security Operations solutions leverage years of information security experience to protect critical network infrastructure from the growing number of cyber threats. 5ironCyber's Security Operations Center (SOC) is located in Franklin, Tennessee, and all security operations are run from this facility. Our goal is more than notification—our goal is response and resolution.

Role Overview

The Security Engineer - Elastic is a hands-on engineering role responsible for designing, implementing, tuning, and maintaining Elastic SIEM solutions for multiple clients across diverse environments. This role partners closely with SOC operations to improve visibility, detection quality, and response effectiveness across endpoint, cloud, and infrastructure telemetry. The ideal candidate has strong experience with the Elastic Stack (Elasticsearch, Logstash, Kibana, Beats), security operations, detection engineering, and MSSP service delivery. This role combines hands-on engineering, threat detection development, automation, and client-facing collaboration to improve security visibility and incident response capabilities.
RESPONSIBILITIES

Platform Engineering & Administration
- Design, implement, maintain, and optimize multi-tenant Elastic environments, security detections, alerts, and analytics within the Elastic Stack (Elasticsearch, Kibana, Beats, Elastic Agent).
- Design and optimize Elasticsearch clusters for scalability, performance, and retention requirements.
- Perform SIEM health monitoring, troubleshooting, and capacity planning.
- Develop dashboards, visualizations, and reporting within Kibana for operational and executive audiences.
- Support ingestion, normalization, and enrichment of security telemetry from endpoints, cloud platforms, and network sources to expand visibility and detection coverage.
- Assist with scaling, performance tuning, and reliability of Elastic-based security monitoring environments as the MDR platform grows.
- Onboard new data sources and clients into the Elastic security platform, ensuring consistency and operational readiness.
- Proactively identify opportunities to enhance the Elastic platform through idea generation, proof-of-concept development, and implementation of new capabilities, detections, and workflows.

Detection Engineering and Threat Monitoring
- Develop and tune detection logic aligned to real-world threats and the MITRE ATT&CK framework.
- Improve detection fidelity by reducing false positives and increasing actionable signal.
- Support incident response investigations and forensic analysis activities.
- Integrate threat intelligence feeds and enrich security telemetry.

Collaboration & Growth
- Partner with SOC leadership and product stakeholders to translate operational gaps and customer needs into actionable platform improvements.
- Build and optimize Elasticsearch queries, dashboards, and visualizations to support SOC operations and investigations.
- Collaborate with SOC leadership, MDR engineering, and threat intelligence teams to evolve detection strategy.
- Contribute to documentation, standards, and detection engineering best practices to support consistency and scalability across the MDR program.
- Actively expand technical knowledge by learning and supporting additional security platforms and technologies beyond Elastic, as MDR capabilities evolve.
- Mentor junior engineers or analysts as needed, sharing platform knowledge and detection engineering best practices.

Qualifications:
- 4+ years of experience working with the Elastic Stack in a security, observability, or analytics context.
- Strong experience with Elasticsearch query language (ES|QL and/or KQL), Kibana, and Elastic data models.
- Hands-on experience building security detections, alerts, or analytics in SIEM or log analytics platforms.
- Experience with Elastic Security (SIEM, Endpoint, Detection Rules).
- Familiarity with endpoint, cloud, and infrastructure telemetry (e.g., EDR logs, Windows events, Linux logs, cloud audit logs).
- Understanding of adversary behavior and detection methodologies, including the MITRE ATT&CK framework.
- Experience working in ticketing or incident management systems in an operational environment.
- Strong communication skills and ability to collaborate with SOC analysts and engineers.

Preferred (Not Required):
- Scripting or automation experience (Python, Bash, or similar).
- Experience in an MDR, MSSP, or SOC environment.
- Relevant certifications or formal education in cybersecurity or related fields.
BENEFITS
- Company-paid health, dental and vision insurance plans for the employee.
- Up to a 4% 401k company match that vests immediately; it's yours to keep.
- Generous paid time off and 10 holidays per year.
- Paid time off to vote and volunteer.
- Paid time off on your birthday because it's your special day.
- Up to $100 per month for your internet and cell phone service.
- Team building events.

ADDITIONAL
All candidates will be required to take an extensive background screen, credit screen, and drug screen prior to employment. This is an on-site position for candidates located in Franklin, TN.

Pay: $120,000.00 - $150,000.00 per year

Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Vision insurance

Experience: Elastic Stack: 4 years (Required)

Work Location: In person