Job Description

Duties & Responsibilities

  • Architect and optimize SIEM platforms (e.g., Microsoft Sentinel, Splunk), including ingestion pipelines, parsing/normalization, enrichment, and correlation logic.
  • Engineer and operate Cribl Stream and Cribl Edge for log routing, filtering, transformation, enrichment, data reduction, and destination fanout (SIEM, data lake, cold storage).
  • Design and maintain telemetry onboarding with schema mapping, collectors/agents, connectors, API integrations, replay, and edge collection for diverse sources (endpoint, network, cloud, identity, app).
  • Develop advanced detections and analytics (rules, queries, correlations) aligned to MITRE ATT&CK, emerging TTPs, and threat intelligence; measure detection efficacy and coverage.
  • Lead systematic alert tuning to reduce false positives and improve signal-to-noise, leveraging Cribl pipelines and SIEM analytics to standardize high-fidelity events.
  • Build investigation assets (dashboards, hunting queries, data models) that accelerate SOC workflows and root-cause analysis across telemetry domains.
  • Monitor ingestion health and cost (EPS, GB/day, license utilization); implement Cribl-based data controls (sampling, routing, suppression) to ensure reliability and budget adherence.
  • Perform root-cause analysis (RCA) on detection gaps and pipeline failures; implement durable fixes in Cribl routes/pipelines and SIEM parsing/enrichment layers.
  • Mentor engineers and analysts on KQL/SPL, detection engineering patterns, Cribl pipeline design, and telemetry best practices; conduct peer reviews and standards governance.
  • Maintain documentation: data dictionaries, detection catalogs, Cribl pipeline runbooks, ingestion maps, and metrics reporting on coverage, fidelity, MTTR, and pipeline SLOs.

Requirements

Basic Qualifications

  • Solid understanding of network protocols, data protection mechanisms, and threat landscapes
  • Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, etc.

Preferred Qualifications

  • Industry-recognized certifications (e.g., CISSP, CISM, CEH)
  • Master’s degree in Cybersecurity or a related field
