Justin Ibarra is a Principal Detection Architect with 10+ years of experience designing and operationalizing threat detection across endpoints, cloud, and SIEM platforms. He built and led Elastic’s Threat Research and Detection Engineering team, creating detections-as-code frameworks, CI/CD pipelines for detection artifacts, and large-scale validation pipelines that bridge research and production. A hands-on researcher and engineer, Justin has contributed detection logic and documentation to prominent open-source Elastic projects (security-docs, detection-rules, kibana), automating rule generation and release workflows to improve rule portability and adoption. His background spans military cyber operations to enterprise SOC leadership, giving him a pragmatic, adversary-informed perspective on threat emulation and detection efficacy. Known for translating red-team emulations into atomic tests and robust detection pipelines, he focuses on measurable coverage and repeatable validation rather than purely theoretical research.
10 years of coding experience
12 years of employment as a software developer
Strategic and Tactical Satellite Systems | Network and Military Operations, Strategic and Tactical Satellite Systems | Network and Military Operations at US Army Signal School
University of Texas at San Antonio
Associate in Applied Science (AAS) Applied Electronics Studies, Associate in Applied Science (AAS) Applied Electronics Studies at Thomas Edison State University
Contributions:15 releases, 2446 reviews, 528 commits in 2 years 4 months
Contributions summary:Justin primarily contributed to the development and maintenance of security detection rules within the repository, focusing on threat detection and hunting. Their work involved modifying the rule definitions, incorporating new rule types (e.g., threshold rules), and integrating support for features like Elasticsearch. They also introduced new functionality such as generating index files for easier rule import into Elasticsearch and providing GitHub release management features for the packages.
Contributions:57 reviews, 41 commits, 74 PRs in 2 years 2 months
Contributions summary:Justin's commits primarily focus on adding and updating detection rules within the Kibana security solution. Their work involves modifying TypeScript files related to prepackaged rules, indicating a focus on enhancing threat detection capabilities. They introduced rules for various versions (7.15, 7.16, 8.0, 8.1, 8.2, 8.3, 8.4) by updating the rule definitions. These rules appear related to threat detection and security best practices based on the file names and commit messages, with a focus on Elastic Stack integration.
elasticdashboardskibanaobservabilitywindow
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Justin Ibarra - Principal Detection Architect at SentinelOne