Cloud Defensive Security Engineer
1 week ago
Join to apply for the Cloud Defensive Security Engineer (Elastic) role at Adevinta

We’re Adevinta, a global leader in digital marketplaces. Our brands – including Marktplaats in the Netherlands, mobile.de in Germany and leboncoin in France – reach hundreds of millions of people every month. We match people with what they need, creating a world where communities grow and waste is reduced. Global Tech Hubs in Barcelona, Amsterdam, Paris, and Berlin develop common products and innovation platforms that are highly scalable, customisable, and secure.

What You’ll Do & Who You Are

As a Defensive Security Engineer on the Cloud Defense team within Security Operations, you will own and evolve our Elastic-based detection and observability platform, enabling “Defense as a Service” for security and engineering teams across the company. You will combine strong Elastic expertise with solid Infra/DevSecOps practices to elevate our detection capabilities to the next level. You need to be comfortable growing your security skills on the job while collaborating with security engineers, SOC analysts, and incident responders.

What You Will Do

You will join the Cloud Defense team, responsible for consolidating and scaling our operating defensive security capabilities for our multi‑cloud (AWS and GCP) environments, platforms, and applications.

- Redesign, evolve, and operate our Elastic stack (Elasticsearch, Kibana, Elastic Security/Observability) as a core part of the defensive platform.
- Own the ingestion pipelines for security and infrastructure telemetry (e.g. AWS/GCP audit logs, EDR telemetry, OS/syslog from Linux fleets and key application logs from our core products), including Beats/Agents, ingest pipelines, and index lifecycle management.
- Pragmatically optimise Elastic for performance, scalability, cost, and reliability (index strategy, shard planning, hot/warm/cold, retention policies).
- Define and maintain standards and templates for indices, data streams, mappings, and dashboards.
- Implement and maintain detection content in Elastic (KQL/EQL queries, rules, anomaly jobs) following defense‑as‑code practices: versioning, code reviews, testing, and CI/CD.
- Collaborate with engineering teams, SOC, and Incident Response to translate threat scenarios and cloud/runtime risks into Elastic rules, alerts, and dashboards.
- Improve detections to reduce false positives and improve signal quality, based on feedback from SOC, IR, and product teams.
- Contribute to internal tooling that improves detection engineering (e.g. shared rule templates, test harnesses, linters, rule packaging).
- Manage Elastic infrastructure, data pipelines, and content deployments using IaC tools (Terraform, CloudFormation) and CI/CD platforms (GitHub Actions, Argo CD).
- Integrate Elastic with other security and cloud services (e.g. EDR agents, cloud‑native security tools, ticketing, notification channels, SOAR) to support end‑to‑end defensive workflows.
- Support the hardening and security of the Elastic platform (access control, encryption, secrets, network policies, backups, and recovery).
- Treat Elastic as a product: maintain a roadmap, backlog, changelog, and documentation for the platform’s security capabilities.
- Provide self‑service onboarding patterns for product and platform teams (data ingestion blueprints, dashboards, reference queries, runbooks).
- Partner with Cloud, SRE, Platform, and Application teams to ensure the right telemetry is available for runtime security, incident response, and troubleshooting.
- Build and maintain simple and clear dashboards that show data coverage, detection health, and ingest reliability over time.
- Level up the team’s Elastic skills by treating detections as data problems: help colleagues design data models, queries, and pipelines that scale, and coach them on performance, cost, and reliability trade‑offs at our volume.

Qualifications

Must‑have

- Strong hands‑on experience designing, operating, and troubleshooting Elastic deployments in production (on‑prem or cloud‑managed).
- Experience building and operating log/telemetry pipelines into Elastic (Filebeat/Metricbeat/other Beats, Elastic Agent, Logstash, ingest pipelines).
- Proficiency with Kibana: dashboards, visualisations, Lens, saved searches, alerting and spaces.
- Solid understanding of distributed systems basics relevant to Elastic (indexing, sharding, replication, cluster health).
- Elastic Certified Engineer (or equivalent depth of experience); certification is a plus.

Infra / DevSecOps and Cloud

- Experience with infrastructure‑as‑code (e.g. Terraform, Ansible, CloudFormation) to deploy and manage infrastructure.
- Experience with CI/CD pipelines (GitHub Actions, Jenkins, etc.) to automate configuration and infrastructure deployments.
- Hands‑on experience with Linux systems, containers, and Kubernetes (EKS or vanilla deployments).
- Experience with public cloud environments, preferably AWS and/or GCP (cloud logging, IAM basics, network fundamentals).

Security Knowledge

- Good understanding of core security and SOC concepts: logs vs events vs alerts, detections, triage, and investigations.
- Familiar with threat detection concepts (TTPs, attacker behaviours, MITRE ATT&CK) and how they map to logs and signals.
- Understanding of common cloud and application security risks (misconfigurations, credential misuse, suspicious access patterns).
- Willingness and curiosity to grow security expertise working next to seasoned security professionals.

General

- 4+ years of experience in a relevant role (Platform/Observability Engineer, Elastic Engineer, DevOps/Cloud Engineer, Security Engineer).
- Strong scripting/automation skills in at least one language (Go, Bash, Python).
- Strong analytical and problem‑solving abilities.
- Excellent communication and documentation skills, able to work effectively with engineers and security specialists in a distributed fast‑paced environment.

Nice To Have

- Practical experience with Elastic Security or SIEM capabilities (detection rules, timelines, cases, EQL/KQL for threat detection).
- Hands‑on experience integrating Elastic with EDR/runtime security tools (e.g. CrowdStrike).
- Experience with SOAR tools or building automation around alert handling and incident response.
- Prior work in a Cloud Security/Cloud Defense/SecOps team.
- Contributions to open‑source projects, security libraries, or public talks/blog posts about Elastic, observability, or security.
- Relevant certifications (Elastic, Cloud Security, Kubernetes, or DevOps related).

Benefits

- An attractive Base Salary
- Participation in our Short Term Incentive plan (annual bonus)
- Work From Anywhere: up to 20 days a year of working from anywhere. You just need reliable internet
- A 24/7 Employee Assistance Program for you and your family
- Collaboration and growth opportunities. At Adevinta, you will find a collaborative environment with an opportunity to explore your potential and grow

On top of these, we also provide a range of locally relevant benefits. Wanna know more? Apply and ask our recruiters.

Adevinta is an equal opportunity employer and we value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

If you feel like you don’t meet all of the requirements for this role but are interested, please consider applying anyway. Research suggests that women and individuals from underrepresented groups may self‑select out of opportunities if they don’t meet 100% of the job requirements. We strongly encourage people from historically excluded groups to apply and look forward to speaking with you.