Back to jobs
Platform Security - Site Reliability Engineer II
elasticGreeceJuly 15, 2026
Skills
auditcicdelasticsearchkubernetesterraform
Job Description
<div class="content-intro"><p>Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.</p></div><div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="7pmns-0-0"><strong><span data-offset-key="7pmns-0-0"><span data-text="true">What is the Role</span></span></strong></div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="c4171-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="c4171-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="c4171-0-0"><span data-offset-key="c4171-0-0"><span data-text="true">We are seeking a Site Reliability Engineer to join the Platform Security team and take ownership of the systems that keep Elastic's Kubernetes infrastructure secure and compliant at scale, across every environment we operate. </span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="19f1v-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="19f1v-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="19f1v-0-0"><span data-offset-key="19f1v-0-0"><span data-text="true">You will be the primary owner of our Kyverno policy </span></span><span id="popover-trigger-:r2k:" class="chakra-text css-1j6t0d7"><span data-offset-key="19f1v-1-0"><span data-text="true">enforcement</span></span></span><span data-offset-key="19f1v-2-0"><span data-text="true"> pipeline, governing admission control across Elastic's serverless platform in Commercial and FedRAMP environments. You will also play a key role in our secrets management infrastructure. You will help ensure that short-lived credentials are standard for workloads across the company.</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="3l5hu-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="3l5hu-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="3l5hu-0-0"><span data-offset-key="3l5hu-0-0"><span data-text="true">This is a high-leverage, high-trust role. You will make decisions that affect what runs and what doesn't in production.</span></span></div>
</div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="e22oh-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="e22oh-0-0"><strong><span data-offset-key="e22oh-0-0"><span data-text="true">What You Will Be Doing</span></span></strong></div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="e22oh-0-0"> </div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="d8srt-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="d8srt-0-0"><span id="popover-trigger-:r2m:" class="chakra-text css-bcri66"><span data-offset-key="d8srt-0-0"><span data-text="true">You will own the Kyverno policy </span></span></span><span id="popover-trigger-:r2o:" class="chakra-text css-1j6t0d7"><span data-offset-key="d8srt-1-0"><span data-text="true">enforcement</span></span></span><span id="popover-trigger-:r2q:" class="chakra-text css-bcri66"><span data-offset-key="d8srt-2-0"><span data-text="true"> pipeline end-to-end authoring and maintaining ClusterPolicy definitions, managing progressive rollout across Commercial and GovCloud deployment slices, and handling the manual deployment path for clusters that sit outside the automated pipeline.</span></span></span> <span id="popover-trigger-:r2s:" class="chakra-text css-bcri66"><span data-offset-key="d8srt-4-0"><span data-text="true">You will drive the Audit Enforce promotion lifecycle: monitoring policy-reporter data, coordinating with platform teams on workload impact, and rolling </span></span></span><span id="popover-trigger-:r2u:" class="chakra-text css-1j6t0d7"><span data-offset-key="d8srt-5-0"><span data-text="true">enforcement</span></span></span><span id="popover-trigger-:r30:" class="chakra-text css-bcri66"><span data-offset-key="d8srt-6-0"><span data-text="true"> forward through environments in a controlled, documented way.</span></span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="beanp-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="beanp-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="beanp-0-0"><span id="popover-trigger-:r32:" class="chakra-text css-bcri66"><span data-offset-key="beanp-0-0"><span data-text="true">On the secrets side, you will contribute to both of our Vault instances authoring HCL policies and managing Okta identity group wiring in Cloud Vault, and reviewing GitHub permissionset PRs for our infra Vault to ensure workloads get least-privilege, short-lived credentials.</span></span></span><span data-offset-key="beanp-1-0"><span data-text="true"> Across both areas, you will write the runbooks, </span></span><span id="popover-trigger-:r34:" class="chakra-text css-1j6t0d7"><span data-offset-key="beanp-2-0"><span data-text="true">enforcement</span></span></span><span data-offset-key="beanp-3-0"><span data-text="true"> trackers, and operational documentation that keep the team </span></span><span id="popover-trigger-:r36:" class="chakra-text css-1j6t0d7"><span data-offset-key="beanp-4-0"><span data-text="true">moving</span></span></span><span data-offset-key="beanp-5-0"><span data-text="true"> safely.</span></span></div>
</div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="704aj-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="704aj-0-0"><strong><span data-offset-key="704aj-0-0"><span data-text="true">What You Bring</span></span></strong></div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="704aj-0-0"> </div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="a86us-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="a86us-0-0"><span data-offset-key="a86us-0-0"><span data-text="true">- 5+ years of platform engineering, security engineering, or infrastructure engineering experience</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="75bb4-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="75bb4-0-0"><span data-offset-key="75bb4-0-0"><span data-text="true">- Hands-on experience with Kubernetes admission control Kyverno, OPA Gatekeeper, or equivalent including policy authoring, testing in cluster, and production rollout</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="23bqi-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="23bqi-0-0"><span data-offset-key="23bqi-0-0"><span data-text="true">- Proficiency with Helm and GitOps workflows; comfortable owning multi-repo deployment pipelines</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="3fil9-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="3fil9-0-0"><span data-offset-key="3fil9-0-0"><span data-text="true">- Production experience with HashiCorp Vault policy authoring (HCL), auth backend configuration (OIDC, AppRole, Kubernetes), or secrets engine management</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="8q914-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="8q914-0-0"><span id="popover-trigger-:r38:" class="chakra-text css-bcri66"><span data-offset-key="8q914-0-0"><span data-text="true">- Fluency with Terraform; comfortable contributing to large, multi-workspace configurations across multiple environments</span></span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="bcl88-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="bcl88-0-0"><span id="popover-trigger-:r3a:" class="chakra-text css-bcri66"><span data-offset-key="bcl88-0-0"><span data-text="true">- Strong </span></span></span><span id="popover-trigger-:r3c:" class="chakra-text css-8zk7oi"><span data-offset-key="bcl88-1-0"><span data-text="true">understanding</span></span></span><span id="popover-trigger-:r3e:" class="chakra-text css-bcri66"><span data-offset-key="bcl88-2-0"><span data-text="true"> of authentication and authorization primitives OIDC, SAML, short-lived credentials, and least-privilege access patterns</span></span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="7kk65-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="7kk65-0-0"><span data-offset-key="7kk65-0-0"><span data-text="true">- Comfort reasoning about blast radius: you think carefully about what happens if a policy enforces too early, too broadly, or in the wrong environment</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="1otrc-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="1otrc-0-0"><span data-offset-key="1otrc-0-0"><span data-text="true">- Clear written communication; you write runbooks and policy documentation that other engineers trust and use</span></span></div>
</div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="8t57u-0-0"> </div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="8t57u-0-0"><strong><span data-offset-key="8t57u-0-0"><span data-text="true">Bonus Points</span></span></strong></div>
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="8t57u-0-0"> </div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="fucb8-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="fucb8-0-0"><span data-offset-key="fucb8-0-0"><span data-text="true">- </span></span><span id="popover-trigger-:r3g:" class="chakra-text css-1h4n5cs"><span data-offset-key="fucb8-1-0"><span data-text="true">Familiarity</span></span></span><span data-offset-key="fucb8-2-0"><span data-text="true"> with ArgoCD and progressive deployment patterns </span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="7dj6i-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="7dj6i-0-0"><span data-offset-key="7dj6i-0-0"><span data-text="true">- Background operating Vault in HA/Raft mode at scale, or experience with the kube-vault-controller / vault-realizer pattern for Kubernetes workload credential issuance</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="eqmuh-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="eqmuh-0-0"><span data-offset-key="eqmuh-0-0"><span data-text="true">- Experience with Buildkite or similar CI/CD systems for infrastructure pipelines</span></span></div>
</div>
<div class="p" data-block="true" data-editor="ebrsf" data-offset-key="fh3md-0-0">
<div class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="fh3md-0-0"><span data-offset-key="fh3md-0-0"><span data-text="true">- Contributions to open source tooling in the Kubernetes security or identity space</span></span></div>
</div><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>Compensation for this role is in the form of base salary. This role does not have a variable compensation component. </p>
<p>At Elastic, our compensation philosophy aims to provide fair, competitive and transparent remuneration. Salary ranges are established based on a combination of external market benchmarks, internal pay equity considerations, and the responsibilities and complexity associated with each role. This approach helps ensure consistency across comparable roles while remaining competitive within the relevant labour markets.</p>
<p>The final compensation offered within the applicable range will be determined based on several objective factors, including relevant professional experience, level of skills and expertise, alignment with the role requirements, and the overall scope and complexity of the position.</p></div><div class="title">The typical starting salary range for this role is:</div><div class="pay-range"><span>€60.900</span><span class="divider">—</span><span>€75.600 EUR</span></div></div></div><div class="content-conclusion"><h2><strong>Additional Information - We Take Care of Our People</strong></h2>
<p>As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.</p>
<p>We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.</p>
<ul>
<li>Competitive pay based on the work you do here and not your previous salary</li>
<li>Health coverage for you and your family in many locations</li>
<li>Ability to craft your calendar with flexible locations and schedules for many roles</li>
<li>Generous number of vacation days each year</li>
<li>Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service</li>
<li>Up to 40 hours each year to use toward volunteer projects you love</li>
<li>Embracing parenthood with minimum of 16 weeks of parental leave</li>
</ul>
<p>Different people approach problems differently. We need that. Elastic is an equal opportunity employer and is committed to creating an inclusive culture that celebrates different perspectives, experiences, and backgrounds. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.</p>
<p>We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email <a href="mailto:candidate_accessibility@elastic.co" target="_blank">candidate_accessibility@elastic.co</a><span class="gmail_default">.</span> We will reply to your request within 24 business hours of submission.</p>
<p><span style="color: #000000;">Applicants have rights under Federal Employment Laws, view posters linked below:</span> <a href="https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/fmlaen.pdf" target="_blank">Family and Medical Leave Act (FMLA)</a> <span style="color: #000000;">Poster;</span><span style="color: #000000;"> <a href="https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf" target="_blank">Pay Transparency Nondiscrimination Provision</a> Poster; </span><a href="https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppabw.pdf" target="_blank">Employee Polygraph Protection Act (EPPA)</a> <span style="color: #000000;">Poster and <a href="https://www.dol.gov/sites/dolgov/files/OFCCP/regs/compliance/posters/pdf/22-088_EEOC_KnowYourRights.pdf" target="_blank">Know Your Rights</a> (Poster)</span></p>
<p><span style="color: #000000;">Elasticsearch develops and distributes technology and information that is subject to U.S. and other countries’ export controls and licensing requirements for individuals who are located in or are nationals of the following sanctioned countries and regions: Belarus, Cuba, Iran, North Korea, Syria, or Russia, including the Ukrainian territories annexed by Russia (The Crimea region of Ukraine, The Donetsk People's Republic (DNR), The Luhansk People's Republic (LNR), Kherson or Zaporizhzhia). If you are located in or are a national of one of the listed countries or regions, an export license may be required as a condition of your employment in this role. Please note that national origin and/or nationality do not affect eligibility for employment with Elastic.</span></p>
<p>Please see <a href="https://www.elastic.co/legal/applicant-privacy-statement" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://www.elastic.co/legal/applicant-privacy-statement&source=gmail&ust=1611068262479000&usg=AFQjCNG3orAPk5sJIr9WVm0ZDxYw82c5DA">here</a> for our Privacy Statement.</p></div>
Apply for this role
You'll be redirected to the company's application page