Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the…
Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.
What is the Role
We are seeking a Site Reliability Engineer to join the Platform Security team and take ownership of the systems that keep Elastic's Kubernetes infrastructure secure and compliant at scale, across every environment we operate.
You will be the primary owner of our Kyverno policy enforcement pipeline, governing admission control across Elastic's serverless platform in Commercial and FedRAMP environments. You will also play a key role in our secrets management infrastructure. You will help ensure that short-lived credentials are standard for workloads across the company.
This is a high-leverage, high-trust role. You will make decisions that affect what runs and what doesn't in production.
What You Will Be Doing
You will own the Kyverno policy enforcement pipeline end-to-end authoring and maintaining ClusterPolicy definitions, managing progressive rollout across Commercial and GovCloud deployment slices, and handling the manual deployment path for clusters that sit outside the automated pipeline. You will drive the Audit Enforce promotion lifecycle: monitoring policy-reporter data, coordinating with platform teams on workload impact, and rolling enforcement forward through environments in a controlled, documented way.
On the secrets side, you will contribute to both of our Vault instances authoring HCL policies and managing Okta identity group wiring in Cloud Vault, and reviewing GitHub permissionset PRs for our infra Vault to ensure workloads get least-privilege, short-lived credentials. Across both areas, you will write the runbooks, enforcement trackers, and operational documentation that keep the team moving safely.
What You Bring
- 5+ years of platform engineering, security engineering, or infrastructure engineering experience
- Hands-on experience with Kubernetes admission control Kyverno, OPA Gatekeeper, or equivalent including policy authoring, testing in cluster, and production rollout
- Proficiency with Helm and GitOps workflows; comfortable owning multi-repo deployment pipelines
- Production experience with HashiCorp Vault policy authoring (HCL), auth backend configuration (OIDC, AppRole, Kubernetes), or secrets engine management
- Fluency with Terraform; comfortable contributing to large, multi-workspace configurations across multiple environments
- Strong understanding of authentication and authorization primitives OIDC, SAML, short-lived credentials, and least-privilege access patterns
- Comfort reasoning about blast radius: you think carefully about what happens if a policy enforces too early, too broadly, or in the wrong environment
- Clear written communication; you write runbooks and policy documentation that other engineers trust and use
Bonus Points
- Familiarity with ArgoCD and progressive deployment patterns
- Background operating Vault in HA/Raft mode at scale, or experience with the kube-vault-controller / vault-realizer pattern for Kubernetes workload credential issuance
- Experience with Buildkite or similar CI/CD systems for infrastructure pipelines
- Contributions to open source tooling in the Kubernetes security or identity space
Compensation for this role is in the form of base salary. This role does not have a variable compensation component.
At Elastic, our compensation philosophy aims to provide fair, competitive and transparent remunera
Neutral 2–4 sentence summary of what working at this company is like, drawn from public reviews and press coverage. Tone, collaboration style, pace, benefits highlights.
£45,000 – £60,000 (Glassdoor, Levels.fyi, 2025)
Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the…
FEQ327R288 This role is based out of Paris and can involve travel up to 30% when needed Specialist Solutions Architect - Platform Security…
This leadership role is responsible for shaping and driving the Platform and Security Architecture strategy across all platforms that have c…