Elastic Stack Engineer
Urbansoft · Hybrid · Active · BambooHR
Job facts
| Field | Value |
|---|---|
| Company | Urbansoft |
| Title | Elastic Stack Engineer |
| Normalized title | - |
| Department / team | - |
| Location | JHB / CPT, Gauteng, South Africa |
| Work model | Hybrid / Hybrid |
| Employment type | Contract |
| Salary | - |
| Status | active |
| ATS provider | BambooHR |
| Posted / first seen | 2025-11-10 / 2026-05-30 |
| Changed / last seen | 2026-05-30 / 2026-06-06 |
Description
Job Description: Elastic Stack Engineer (Search & Observability)
Role Overview
As an Elastic / Observability & Security Platform Engineer, you will lead the design, implementation, monitoring and continuous improvement of our Elastic-based observability and security stack. You will take ownership of detection rules, watchers, ML-models, health monitoring of data streams, alerting frameworks, and tracking of data pipeline latency/integration times. You will work closely with data engineers, security operations, platform engineering, and business-units to ensure robust real-time monitoring, anomaly detection, alerting, and data integration observability.
Key Responsibilities
• Architect, deploy, configure and optimise the Elastic Stack (Elasticsearch, Kibana, Beats, Logstash, Elastic Machine Learning, Elastic Watcher/Alerting).
• Develop and maintain JSON-based configuration files, logic and pipelines for detection rules, watchers and alerting states.
• Design, build and operationalise machine-learning jobs within Elastic ML (e.g., anomaly detection, forecasting, classification) for observability/security use-cases.
• Monitor, maintain and improve the health and performance of data-streams (logs, metrics, events, traces) ingesting into the Elastic cluster: ensure data freshness, minimal latency, correct mapping, index lifecycle management (ILM), shard management, and cluster health.
• Implement and maintain alerting/notification frameworks: watchers/triggers, custom alert-logic via JSON, integration with downstream systems (Slack, Teams, PagerDuty, email, webhook).
• Track and report on the integration time between upstream data sources and the Elastic ingestion pipeline (i.e., latency from source → pipeline → index → availability), diagnose and mitigate delays or bottlenecks.
• Develop dashboards, visualisations and reports in Kibana to communicate KPIs, SLAs (data-ingestion, alert-response, model accuracy), and to drive continuous improvement.
• Collaborate with data engineering, DevOps, security operations (SecOps), SRE and business stakeholders to define requirements and deliver effective observability/security solutions.
• Establish best-practices, standards and documentation for JSON rule-configs, watchers, ML-jobs, dashboarding and monitoring.
• Participate in incident-response processes: support triage, root-cause analysis and feed learnings back into detection rules/ML jobs/monitoring.
• Stay up-to-date and contribute to improving the Elastic ecosystem in our environment: new features, upgrades, tuning, cost-optimisation, benchmark/scale testing.
Required Skills & Experience
• Strong hands-on experience with the Elastic Stack (Elasticsearch, Kibana, Beats, Logstash or equivalent ingestion pipelines) – you should be comfortable deploying, configuring and operating production Elastic clusters.
• Proficiency in writing and using JSON configurations and logic for detection rules, watchers, alerting frameworks, and monitoring pipelines.
• Experience building and operationalising Elastic Machine Learning jobs (anomaly detection, forecasting, classifications) and interpreting model output for observability/security use-cases.
• In-depth experience monitoring and maintaining the health of high-volume data streams: log/metric/event/tracing data, with attention to data latency, ingestion batching, pipeline failures, index lifecycle, and cluster resource optimisation.
• Experience designing end-to-end alerting workflows (trigger logic, thresholds, multi-condition rules, escalation, notification integration).
• Experience tracking and measuring integration times (data latency from source ingestion to availability in index/dashboards) and implementing improvements to reduce that latency.
• Strong scripting or programming ability (e.g., Python, Bash, or similar) to automate tasks, integrations or alert-logic.
• Strong analytical and problem-solving skills: ability to diagnose ingestion/pipeline/cluster issues, chain of events, root causes, and propose mitigations.
• Excellent communication skills: able to articulate detection logic, ML-model results, data-latency issues and dashboards to technical and non-technical stakeholders.
• Good understanding of DevOps/SRE practices (CI/CD, Infrastructure as Code, Monitoring, Logging, Alerting).
• Ability to document clearly: JSON rule setups, watchers, dashboards, models, runbooks.
• Bachelor’s degree in Computer Science, Information Systems or equivalent experience; or equivalent relevant industry experience.
Desirable / Bonus Skills
• Experience with Elastic Security (formerly SIEM) use-cases using Elastic.
• Experience with other observability/tracing stacks (OpenTelemetry, Jaeger, Prometheus, Grafana) and integrating them into Elastic.
• Knowledge of cloud environments (AWS, Azure, GCP) and experience managing Elastic clusters in cloud or hybrid deployments.
• Experience with large scale index management, shard tuning, ILM policies, cluster scaling, and cost optimisation.
• Experience with advanced ML-techniques (unsupervised learning, time-series forecasting, advanced feature engineering) applied to observability/security.
• Knowledge of security operations (SecOps) and detection use-cases: threat hunting, anomaly detection, SOC workflows.
• Familiarity with infrastructure instrumentation (logs, metrics, traces) and analysing telemetry from microservices/distributed systems.
Full job record
| Field | Value |
|---|---|
| Job ID | a9c1fc602c948b738cb42359884be088d808fef4 |
| Org ID | 5d1ca8f6-c307-4d51-94c2-d2fd730c1357 |
| Source ID | fab26e5b-ea67-47b0-a198-0fe75d082467 |
| Board ID | fab26e5b-ea67-47b0-a198-0fe75d082467 |
| Provider | bamboohr |
| Provider Job Key | 78 |
| Title | Elastic Stack Engineer |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | — |
| Department | — |
| Team | — |
| Employment Type | contract |
| Workplace Type | hybrid |
| Remote Policy | hybrid |
| Country | South Africa |
| Region | Gauteng |
| City | JHB / CPT |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://urbansoft.bamboohr.com/careers/78 |
| Apply URL | https://urbansoft.bamboohr.com/careers/78 |
| First Seen At | 2026-05-30 06:12:24Z |
| Last Seen At | 2026-06-06 10:01:16Z |
| Last Checked At | 2026-06-06 10:01:16Z |
| Last Changed At | 2026-05-30 06:12:24Z |
| Inactive At | — |
| Source Posted At | 2025-11-10 00:00:00Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=urbansoft/date=2026-06-06/2026-06-06T10-01-14-841Z-ea65b9046a477bc642c071a28b8d83d35f71b03714e7d1dd49b6c81cee9ba43d.json |
Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/a9c1fc602c948b738cb42359884be088d808fef4?include=description
GET https://api.bluedoor.sh/job-postings/v1/orgs/5d1ca8f6-c307-4d51-94c2-d2fd730c1357
GET https://api.bluedoor.sh/job-postings/v1/sources/fab26e5b-ea67-47b0-a198-0fe75d082467
GET https://api.bluedoor.sh/job-postings/v1/jobs/a9c1fc602c948b738cb42359884be088d808fef4/events