Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI. What Is The Role : We are looking for a Public Sector Senior Compliance Analyst to join our team in Information Security (InfoSec). The InfoSec team leads the strategy, policy, and programs for information security company-wide. Our responsibilities include compliance risk management, implementing a comprehensive security program, driving compliance initiatives, recommending and implementing security controls, preventing and detecting security threats, and handling incident response. We do all of this in a globally distributed company, thinking differently about how we best achieve critical information security objectives. What You Will Be Doing : - Leading US public sector audit and certification process (DoD IL 5) and owning continuous monitoring requirements to maintain compliance. - Acting as a trusted advisor to internal teams, translating complex compliance requirements into clear, actionable guidance. - Striving for a next-generation audit experience through intelligent data, automation, and continuous metrics. What You Bring : - Experience leading public sector compliance audits and certification processes in a cloud native company, working with DoD IL5 and/or FedRAMP High. - A high degree of autonomy, combining the ability to prioritize and coordinate with a strong attention to detail. - Creative, relevant and practical mindset, driven by risk-based decision making. - Bonus points if you have the experience with compliance-as-code or have done all the above at a growing SaaS company! Compensation for this role is in the form of base salary. This role does not have a variable compensation component. The typical starting salary range for new hires in this role is listed below. In select locations (including Seattle WA, Los Angeles CA, the San Francisco Bay Area CA, and the New York City Metro Area), an alternate range may apply as specified below. These ranges represent the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the ranges may be modified in the future. An employee's position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs. Elastic believes that employees should have the opportunity to share in the value that we create together for our shareholders. Therefore, in addition to cash compensation, this role is currently eligible to participate in Elastic's stock program. Our total rewards package also includes a company-matched 401k with dollar-for-dollar matching up to 6% of eligible earnings, along with a range of other benefits offered with a holistic emphasis on employee well-being. The typical starting salary range for this role is: $133,100—$210,600 USD The typical starting salary range for this role in the select locations listed above is: $159,900—$252,900 USD Additional Information - We Take Care of Our People As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do. We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do. - Competitive pay based on the work you do here and not your previous salary - Health coverage for you and your family in many locations - Ability to craft your calendar with flexible locations and schedules for many roles - Generous number of vacation days each year - Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service - Up to 40 hours each year to use toward volunteer projects you love - Embracing parenthood with minimum of 16 weeks of parental leave Different people approach problems differently. We need that. Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation. We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email candidate_accessibility@elastic.co We will reply to your request within 24 business hours of submission. Applicants have rights under Federal Employment Laws, view posters linked below: Family and Medical Leave Act (FMLA) Poster; Pay Transparency Nondiscrimination Provision Poster; Employee Polygraph Protection Act (EPPA) Poster and Know Your Rights (Poster) Elasticsearch develops and distributes encryption software and technology that is subject to U.S. export controls and licensing requirements for individuals who are located in or are nationals of the following sanctioned countries and regions: Belarus, Cuba, Iran, North Korea, Russia, Syria, the Crimea Region of Ukraine, the Donetsk People’s Republic (“DNR”), and the Luhansk People’s Republic (“LNR”). If you are located in or are a national of one of the listed countries or regions, an export license may be required as a condition of your employment in this role. Please note that national origin and/or nationality do not affect eligibility for employment with Elastic. Please see here for our Privacy Statement.

**What You'll Do:** - Conduct real-time monitoring of security alerts and incidents utilising our SIEM tools (FortiSIEM and MS Sentinel) to ensure swift identification and resolution of potential threats. - Utilise vulnerability management tools such as Tenable and MS Defender to report on vulnerabilities within customer environments and propose appropriate remediation plans. - Conduct security awareness training sessions for customers to foster a security-conscious culture. - Conduct regular security meetings with CT customers by generating reports and presenting findings. - Collaborate with all stakeholders to configure and fine-tune security tools, including EDR solutions, application control, firewalls, intrusion detection systems, and anti-malware software. - Develop and maintain comprehensive documentation on security procedures and guidelines. - Stay up-to-date with the latest cyber security trends, technologies, and best practices to continuously enhance our security posture.

• Monitor security alerts, incidents, and threats across DoiT's global infrastructure • Conduct security assessments and vulnerability scans for cloud environments and applications • Investigate and respond to security incidents, coordinating with relevant teams for remediation • Maintain and update security documentation, playbooks, and incident response procedures • Support compliance efforts including SOC2, ISO 27001, and customer security assessments • Assist with security awareness training and education initiatives across the organization • Implement and maintain security controls across AWS, Google Cloud, and Microsoft Azure environments • Configure and monitor cloud security tools including SIEM, CASB, and vulnerability scanners • Review cloud architecture designs and provide security recommendations • Support secure configuration management and infrastructure as code practices • Monitor cloud access patterns and investigate anomalous activities • Assist with security policy development and implementation • Support vendor security assessments and due diligence processes • Maintain security metrics and reporting for leadership and compliance requirements • Participate in security audits and provide evidence for compliance frameworks • Help develop and test business continuity and disaster recovery plans • Work closely with IT Operations team on security-related projects and initiatives • Provide security guidance to development and engineering teams • Support procurement processes by reviewing security requirements for new tools and services • Collaborate with external security consultants and penetration testing teams • Participate in cross-functional incident response and crisis management activities

• Monitor security alerts, incidents, and threats across DoiT's global infrastructure • Conduct security assessments and vulnerability scans for cloud environments and applications • Investigate and respond to security incidents, coordinating with relevant teams for remediation • Maintain and update security documentation, playbooks, and incident response procedures • Support compliance efforts including SOC2, ISO 27001, and customer security assessments • Assist with security awareness training and education initiatives across the organization • Implement and maintain security controls across AWS, Google Cloud, and Microsoft Azure environments • Configure and monitor cloud security tools including SIEM, CASB, and vulnerability scanners • Review cloud architecture designs and provide security recommendations • Support secure configuration management and infrastructure as code practices • Monitor cloud access patterns and investigate anomalous activities • Assist with security policy development and implementation • Support vendor security assessments and due diligence processes • Maintain security metrics and reporting for leadership and compliance requirements • Participate in security audits and provide evidence for compliance frameworks • Help develop and test business continuity and disaster recovery plans • Work closely with IT Operations team on security-related projects and initiatives • Provide security guidance to development and engineering teams • Support procurement processes by reviewing security requirements for new tools and services • Collaborate with external security consultants and penetration testing teams • Participate in cross-functional incident response and crisis management activities