Security Solutions – Sr. Software Engineer – Elastic Common Schema

Website Elastic

The Elastic Common Schema (ECS) is an open source specification, developed with support from the Elastic user community. ECS defines a common set of fields to be used when storing event data in Elasticsearch, such as logs and metrics.

As Senior Engineer on the ECS team, you will be part of a team managing high quality field mappings for various use cases such as security and observability. As part of the ECS team, you’ll be deeply involved in working with the community, enriching ECS with new mappings as part of regular release cadence. Being part of the ECS team also means working closely with Stack, Security, Observability, and Enterprise Search teams to promote and facilitate their contributions to ECS. Working on ECS requires being creative in building a future-proof schema. The team is diverse and distributed across the world, and collaborates on a daily basis over GitHub, Zoom, and Slack.

What You Will Be Doing:

  • Join the ECS team alongside other team members, working on enriching the common field mapping schema.
  • Research and add new field mappings into the schema as part of a regular release.
  • As part of the release, work closely with other teams in Elastic to fit various use cases into ECS.
  • Find creative ways of promoting and converting the data into Elastic Common Schema.
  • Continuously work with the community to understand their needs and incorporate suggestions.
  • Help build and improve various tools that help users adopt ECS and unlock its potential.
  • Working closely with the documentation team at every step to improve the overall user experience.

What You Will Bring Along:

  • Development experience with Python, Ruby, or TypeScript/JavaScript
  • A good understanding of the Elastic Stack
  • Experience exploring data with Kibana
  • Understanding of Elasticsearch mapping types
  • Experience with parsing logs and events (ideally in the context of security or observability)
  • Experience in correlating events from multiple sources, or threat hunting
  • Expertise of the english language; especially in its written form.
  • Ability to work independently in a globally distributed team.
  • Nice to have: Experience working on an endeavour that requires future-proofing. E.g. another common data schema, API design, developing a parts-numbering system, etc.

To apply for this job please visit