Job Description
Duties & Responsibilities
Architect and optimize SIEM platforms (e.g., Microsoft Sentinel, Splunk), including ingestion pipelines, parsing/normalization, enrichment, and correlation logic.
Engineer and operate Cribl Stream and Cribl Edge for log routing, filtering, transformation, enrichment, data reduction, and destination fanout (SIEM, data lake, cold storage).
Design and maintain telemetry onboarding with schema mapping, collectors/agents, connectors, API integrations, replay, and edge collection for diverse sources (endpoint, network, cloud, identity, app).
Develop advanced detections and analytics (rules, queries, correlations) aligned to MITRE ATT&CK, emerging TTPs, and threat intelligence; measure detection efficacy and coverage.
Lead systematic alert tuning to reduce false positives and improve signal-to-noise, leveraging Cribl pipelines and SIEM analytics to standardize high-fidelity events.
Build investigation assets (dashboards, hunting queries, data models) that accelerate SOC workflows and root-cause analysis across telemetry domains.
Monitor ingestion health and cost (EPS, GB/day, license utilization); implement Cribl-based data controls (sampling, routing, suppression) to ensure reliability and budget adherence.
Perform RCA on detection gaps and pipeline failures; implement durable fixes in Cribl routes/pipelines and SIEM parsing/enrichment layers.
Mentor engineers and analysts on KQL/SPL, detection engineering patterns, Cribl pipeline design, and telemetry best practices; conduct peer reviews and standards governance.
Maintain documentation: data dictionaries, detection catalogs, Cribl pipeline runbooks, ingestion maps, and metrics reporting on coverage, fidelity, MTTR, and pipeline SLOs.
Requirements
Basic Qualifications
Solid understanding of network protocols, data protection mechanisms, and threat landscapes
Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, etc.
Preferred Qualifications
Industry-recognized certifications (e.g., CISSP, CISM, CEH)
Master's degree in Cybersecurity or a related field
6-8 years
Required Skills & Qualifications
10 years' experience in an infrastructure engineering or DevOps role
4 years' hands-on experience with Azure, GCP, or AWS
2 years' hands-on experience engineering Kubernetes solutions and associated ecosystems
Strong background in automation with modern automation tools like Terraform, Packer, and Puppet
Demonstrated ability managing code and other project files with Git
CI/CD experience with modern tooling like Jenkins or Azure DevOps
Strong understanding of cloud networking concepts (Virtual Private Networks, Software Defined Networking, Network and Application Load Balancers, DNS, API Gateways, Routing)
Solid grasp of cloud security principles and compliance standards
Proficiency in Linux and Windows system administration
Understanding of GitOps
Excellent problem-solving and communication skills
Bachelor's degree in computer science, engineering, or a related field
Preferred Qualifications
Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD) certification
Certifications in cloud technologies (e.g., AWS Certified Solutions Architect, Azure Administrator, etc.)
Experience with monitoring tools (e.g., Prometheus, Grafana)
Familiarity with scripting languages (e.g., Bash, Python, PowerShell)
Hands-on experience with modern GitOps tools such as FluxCD or ArgoCD