Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale - unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data - securing and protecting private information more effectively - Elastic's complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.
What is The Role:
We're always searching for outstanding people who have a real passion for what they do and are masters at their craft! We are looking for a Principal Vulnerability Management Analyst to help drive the growth and maturity of our Vulnerability Management Program, enabling Elastic to achieve the highest compliance and security standards.
The InfoSec Product Security team is accountable for the security of all Elastic software and cloud services. We foster customer trust and empower Elastic to weave security into the fabric of our product development and Elastic Cloud platforms. In a globally distributed company, we think differently about achieving critical security and compliance objectives.
Are you passionate about performing through uncertainty and leading a forward-thinking security vulnerability management process? Then we should have a conversation!
What You Will Be Doing:
Own the deployment and operations of our FedRAMP High Vulnerability Management Service, including Continuous Monitoring (ConMon) and formal audits.
Define vulnerability management policies and procedures to support multiple compliance standards (FedRAMP, PCI, etc.) in a distributed multi-cloud environment.
Collaborate with Product and Governance teams to pursue new compliance frameworks.
Optimally communicate to team partners and senior leadership on progress and drive decisions to address program and project challenges.
Select and implement tooling to ensure scan coverage and hardening of Host VMs, Databases, Containers, Web Applications, APIs, and other services.
Define and manage reporting procedures and engage with Product Development, Site Reliability Engineering, IT, and other collaborators to ensure timely and efficient remediation of vulnerabilities.
Scale and mature our VM service to optimize our approach to meeting new standards and requirements across multiple frameworks in a fast-paced engineering ecosystem.
What You Bring:
Prior experience building and operating Department of Defense (DoD) Impact Level 4 or above cloud service environments.
Demonstrated experience building and operating Vulnerability Management services in a FedRAMP environment (preferably FedRAMP High & DoD Impact Level 5). Participating in compliance audits, evidence gathering, and interviews as a domain expert.
Consistent track record for selecting and implementing vulnerability management systems and procedures in distributed cloud environments.
Strong experience deploying vulnerability managing platforms such as Qualys, Rapid7, Tenable, or similar. Working in cloud, containerized infrastructure, automating reporting and remediation tasks, and hands-on knowledge of cloud infrastructure (e.g., AWS, GCP, Azure, EC2, S3, RDS, EKS).
Foundational understanding of secure product development practices such as Critical Vulnerability Response & Disclosure, Pen-testing, Dynamic Application Scanning, Secure Architecture Design.
Outstanding spoken and written communication skills in an asynchronous distributed environment.
Bonus Points:
Experience with Elastic products (Elasticsearch, Kibana, Elastic Agent, Beats, Elastic Cloud, Logstash, Elastic Security).
Additional Information - We Take Care of Our People:
As a distributed company, diversity drives our identity. Whether you're looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn't matter if you're just out of college or your children are; we need you for what you can do.
We strive to have parity of benefits across regions, and while regulations differ from place to place, we believe taking care of our people is the right thing to do.
Competitive pay based on the work you do here and not your previous salary
Health coverage for you and your family in many locations
Ability to craft your calendar with flexible locations and schedules for many roles
Generous number of vacation days each year
Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
Up to 40 hours each year to use toward volunteer projects you love
Embracing parenthood with a minimum of 16 weeks of parental leave
Different people approach problems differently. We need that. Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status,... For full info follow application link.
Different people approach problems differently. We need that. Elastic is committed to diversity as well as inclusion. We are an equal opportunity employer and committed to the principles of affirmative action. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. If you require any reasonable accessibility support, please complete our Candidate Accessibility Request Form.
