Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic's complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.
What is The RoleWe are looking for a security‐focused Engineer to strengthen Kibana's security posture and build robust platform security features. In this role, you'll be responsible for hardening Kibana against evolving threats, managing security vulnerabilities, and ensuring our application meets the highest security standards for enterprise and government customers. You'll also leverage AI to build innovative security tools that enhance our vulnerability detection, automate security workflows, and accelerate threat response. If you're passionate about web application security and want to make a direct impact on protecting critical infrastructure while pushing the boundaries of AI‐powered security, this is the role for you.
What You Will Be Doing
Lead security hardening efforts across Kibana's codebase and infrastructure, including content security policy implementation and enforcement
Build AI‐powered tools and workflows to enhance security operations, including automated vulnerability detection, intelligent security alert triage, and predictive threat analysis
Manage third‐party dependency security through regular audits, vulnerability assessments, and coordinated upgrades
Collaborate with security researchers and respond to vulnerability reports with urgency and thoroughness
Design and implement security controls for authentication, authorization, and auditing features
Work closely with Operations and Engineering teams to ensure security best practices across our hosted and on‐premise offerings
Contribute to threat modeling and security architecture decisions for new features
Write secure, maintainable code for both client and server‐side components
What You Bring
At least 3 years of web development experience, with a focus on secure development practices
Strong knowledge of web application security principles including OWASP Top 10, secure authentication patterns, and defense‐in‐depth strategies
Experience with security vulnerability management, including triage, remediation, and coordinated disclosure
Proficiency with JavaScript, TypeScript, and Node.Js
Familiarity with security scanning tools and vulnerability management platforms (e.G., Snyk, CodeQL, HackerOne)
Ability to work and communicate effectively with a worldwide team in a distributed work environment
Hands‐on experience implementing and maintaining content security policies, CORS policies, and other browser security controls
Understanding of single‐sign‐on technologies, role‐based access control, and identity management protocols
Additional Information – We Take Care of Our PeopleAs a distributed company, diversity drives our identity. Whether you're looking to launch a new career or grow an existing one, Elastic is a place where you can balance great work with great life. We strive to have parity of benefits across regions.
Competitive pay based on the work you do here and not your previous salary
Health coverage for you and your family in many locations
Ability to craft your calendar with flexible locations and schedules for many roles
Generous number of vacation days each year
Matching up to $2000 (or local currency equivalent) for financial donations and service
Up to 40 hours each year to use toward volunteer projects you love
Minimum 16 weeks of parental leave
Security & Privacy ResponsibilitiesTake ownership of protecting the confidentiality, integrity, and availability of organizational data and systems by following applicable privacy and security policies, standards, and procedures. Ensure that all individual contributions follow Elastic's Secure Software Development Framework (SSDF). Proactively participate in mandatory role‐based training to ensure personal technical execution consistently aligns with the highest standards of data protection, data privacy, and system resilience.
Elastic is an equal‐opportunity employer and is committed to creating an inclusive culture that celebrates different perspectives, experiences, and backgrounds. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state, or local law, ordinance or regulation. We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals.
#J-18808-Ljbffr