Job Description

Duties & Responsibilities

Engineer and maintain SIEM ingestion pipelines, including data connectors, parsers, normalization, and enrichment across endpoint, network, cloud, identity, and application telemetry sources.
Build, tune, and update detection rules, correlation logic, and analytics aligned to MITRE ATT&CK, threat intelligence, and evolving TTPs.
Operate and enhance Cribl Stream and Cribl Edge pipelines for log routing, transformation, filtering, enrichment, and delivery optimization.
Support onboarding of new log sources, including schema mapping, troubleshooting ingestion failures, and validating data quality and completeness.
Assist in reducing false positives and improving signal-to-noise through SIEM tuning, enrichment enhancements, and Cribl workflow adjustments.
Develop queries, dashboards, and data models used by SOC and IR teams for investigations, monitoring, and hunting.
Monitor telemetry ingestion metrics, SIEM health, license usage, and Cribl pipeline performance; identify and resolve operational issues.
Perform investigation support by validating detections, analyzing telemetry gaps, and implementing fixes to improve future coverage.
Mentor junior analysts and engineers on SIEM query languages (KQL/SPL), detection development, logging best practices, and Cribl pipeline fundamentals.
Maintain SIEM and telemetry documentation, including data dictionaries, ingestion maps, detection catalogs, and engineering runbooks.

Requirements

Basic Qualifications
Proficient in various cybersecurity frameworks and standards.
Experience with security tools such as SIEM, firewalls, and intrusion detection systems.

Preferred Qualifications
Relevant certifications (e.g., CISSP, CISM, CEH).
Master's degree in Cybersecurity or a related field.

4-6 years
Required Skills & Qualifications
10 years' experience in an infrastructure engineering or DevOps role.
4 years' hands-on experience with Azure, GCP, or AWS.
2 years' hands-on experience engineering Kubernetes solutions and their associated ecosystems.
Strong background in automation with modern automation tools such as Terraform, Packer, and Puppet.
Demonstrated ability to manage code and other project files with Git.
CI/CD experience with modern tooling such as Jenkins or Azure DevOps.
Strong understanding of cloud networking concepts (Virtual Private Networks, Software Defined Networking, Network and Application Load Balancers, DNS, API Gateways, Routing).
Solid grasp of cloud security principles and compliance standards.
Proficiency in Linux and Windows system administration.
Understanding of GitOps.
Excellent problem-solving and communication skills.
Bachelor's degree in computer science, engineering, or a related field.

Preferred Qualifications
Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD) certification.
Certifications in cloud technologies (e.g., AWS Certified Solutions Architect, Azure Administrator).
Experience with monitoring tools (e.g., Prometheus, Grafana).
Familiarity with scripting languages (e.g., Bash, Python, PowerShell).
Hands-on experience with modern GitOps tools such as FluxCD or ArgoCD.
