Job Description

Duties & Responsibilities
  • Engineer and maintain SIEM ingestion pipelines, including data connectors, parsers, normalization, and enrichment across endpoint, network, cloud, identity, and app telemetry sources. 
  • Build, tune, and update detection rules, correlation logic, and analytics aligned to MITRE ATT&CK, threat intelligence, and evolving TTPs. 
  • Operate and enhance Cribl Stream and Cribl Edge pipelines for log routing, transformation, filtering, enrichment, and delivery optimization. 
  • Support onboarding of new log sources, including schema mapping, troubleshooting ingestion failures, and validating data quality and completeness. 
  • Assist in reducing false positives and improving the signal-to-noise ratio through SIEM tuning, enrichment enhancements, and Cribl workflow adjustments. 
  • Develop queries, dashboards, and data models used by SOC and IR teams for investigations, monitoring, and hunting. 
  • Monitor telemetry ingestion metrics, SIEM health, license usage, and Cribl pipeline performance; identify and resolve operational issues. 
  • Perform investigation support by validating detections, analyzing telemetry gaps, and implementing fixes to improve future coverage. 
  • Mentor junior analysts and engineers on SIEM query languages (KQL/SPL), detection development, logging best practices, and Cribl pipeline fundamentals. 
  • Maintain SIEM and telemetry documentation including data dictionaries, ingestion maps, detection catalogs, and engineering runbooks.
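The ingestion and detection duties above (parsing, normalization onto a common schema, enrichment from an asset table, an ATT&CK-mapped correlation rule, and a tuning knob that suppresses a known noisy source) condensed into one small Python pipeline. This is an added illustration, not code from the page or from any SIEM or Cribl product: the log lines, field names, asset inventory, threshold and window are all constructed for the example; only the ATT&CK mapping (T1110, Brute Force) is a real technique ID.

```python
"""Toy SIEM ingestion stage: parse -> normalize -> enrich -> detect -> tune.

Added example, not code from the page or any vendor product. Log lines, field
names, the asset table and the thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs) from two differently shaped sources.
RAW_LOGS = [
    "2024-05-01T10:00:01Z win EventID=4625 TargetUserName=alice IpAddress=10.0.0.5 Status=0xC000006D",
    "2024-05-01T10:00:03Z win EventID=4625 TargetUserName=alice IpAddress=10.0.0.5 Status=0xC000006D",
    "2024-05-01T10:00:04Z win EventID=4625 TargetUserName=alice IpAddress=10.0.0.5 Status=0xC000006D",
    "2024-05-01T10:00:09Z win EventID=4624 TargetUserName=alice IpAddress=10.0.0.5 LogonType=3",
    "2024-05-01T10:05:00Z sshd Failed password for bob from 10.0.0.99 port 51000 ssh2",
    "2024-05-01T10:05:01Z sshd Failed password for bob from 10.0.0.99 port 51001 ssh2",
    "2024-05-01T10:05:02Z sshd Failed password for bob from 10.0.0.99 port 51002 ssh2",
    "2024-05-01T10:05:03Z sshd Accepted password for bob from 10.0.0.99 port 51003 ssh2",
    "2024-05-01T10:06:00Z unknown something happened",  # no parser matches: counted as dropped
]

# Constructed asset inventory used for enrichment; a real pipeline would consult a CMDB or lookup table.
ASSETS = {
    "10.0.0.5": {"hostname": "wks-017", "role": "workstation"},
    "10.0.0.99": {"hostname": "scan-01", "role": "vuln-scanner"},
}

WIN_RE = re.compile(r"^(?P<ts>\S+) win EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")
SSH_RE = re.compile(r"^(?P<ts>\S+) sshd (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")


def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def normalize(line):
    """Map one raw line onto a common schema; return None when no parser matches."""
    m = WIN_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "source": "windows", "user": m["user"], "src_ip": m["ip"],
                "action": "logon", "outcome": "failure" if m["eid"] == "4625" else "success"}
    m = SSH_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "source": "sshd", "user": m["user"], "src_ip": m["ip"],
                "action": "logon", "outcome": "failure" if m["result"] == "Failed" else "success"}
    return None


def enrich(event):
    """Attach asset context to a normalized event; unknown sources are labelled, not dropped."""
    asset = ASSETS.get(event["src_ip"], {"hostname": "unknown", "role": "unknown"})
    return {**event, "hostname": asset["hostname"], "asset_role": asset["role"]}


def ingest(lines):
    """Return (enriched events, number of lines no parser could handle)."""
    events, dropped = [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1  # a rising drop count signals a schema change or a broken connector
            continue
        events.append(enrich(ev))
    return events, dropped


def detect_brute_force_then_success(events, min_failures=3, window=timedelta(minutes=5), suppress_roles=()):
    """One alert per (user, src_ip) whose successful logon follows >= min_failures failures inside `window`.

    Mapped to ATT&CK T1110 (Brute Force). `suppress_roles` is the tuning knob: asset roles that are
    expected to produce this pattern (for instance an authorized scanner) are filtered here, not at
    the analyst's desk.
    """
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_key[(ev["user"], ev["src_ip"])].append(ev)
    alerts = []
    for (user, ip), evs in by_key.items():
        if evs[0]["asset_role"] in suppress_roles:
            continue
        for i, ev in enumerate(evs):
            if ev["outcome"] != "success":
                continue
            recent_failures = [e for e in evs[:i] if e["outcome"] == "failure" and ev["ts"] - e["ts"] <= window]
            if len(recent_failures) >= min_failures:
                alerts.append({"rule": "brute_force_then_success", "technique": "T1110", "user": user,
                               "src_ip": ip, "hostname": ev["hostname"], "failures": len(recent_failures),
                               "ts": ev["ts"].isoformat()})
                break
    return alerts


if __name__ == "__main__":
    evs, dropped = ingest(RAW_LOGS)
    print(f"ingested={len(evs)} dropped={dropped}")
    for alert in detect_brute_force_then_success(evs, suppress_roles={"vuln-scanner"}):
        print(alert)
```

Run without `suppress_roles` the rule fires for both alice and bob; with the scanner role suppressed only the workstation logon remains, which is the kind of enrichment-driven tuning the duties above describe. The `dropped` counter is the minimal data-quality signal a connector should expose: in production it would be emitted as a metric and alerted on.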


Requirements

Basic Qualifications
  • Proficient in various cybersecurity frameworks and standards.
  • Experience with security tools such as SIEM, firewalls, and intrusion detection systems.
Preferred Qualifications
  • Relevant certifications (e.g., CISSP, CISM, CEH).
  • Master’s degree in Cybersecurity or related field.

