Principal Cribl Engineer | Remote, USA

Posted 14 days ago

💎 Seniority level: Principal, 2+ years

📍 Location: United States

🔍 Industry: Security

🏢 Company: Optiv_Careers

🗣️ Languages: English

⏳ Experience: 2+ years

🪄 Skills: AWS, Bash, Cloud Computing, ElasticSearch, GCP, Kafka, Kubernetes, Jira, API testing, Azure, CI/CD, RESTful APIs, Linux, DevOps, Data visualization, Ansible, Scripting, Confluence

Requirements:
  • 2+ years of experience in Cribl administration.
  • 2+ years of professional experience managing and maintaining observability platforms.
  • Ability to deal confidently with complex technical problems.
  • Knowledge of security logging for Linux, Windows, major EDRs, Firewalls, & Active Directory.
  • Expertise in delivering large-scale systems using big data technologies including but not limited to: Enterprise-scale Kafka, Splunk, TSDB, etc.
  • Previous experience working with Cloud (AWS, Azure, GCP).
  • The ability to aggregate and analyze logs from various deployed security devices.
  • Experience with various security products/technologies such as: Devo, Chronicle, EDR, XDR, Exabeam, Sentinel, QRadar, Splunk, LogRhythm, Securonix, Elastic, RSA NetWitness, SumoLogic, and infrastructure components such as proxies, firewalls, IDS/IPS, DLP etc.
Responsibilities:
  • Act as a point of escalation for other Engineers and provide guidance and mentoring.
  • Assist with client transition and onboarding, and serve as primary point of contact for Managed Security Service clients.
  • Explain and demonstrate how to use observability products to both technical and relatively non-technical personnel.
  • Implement, configure, and maintain SIEM software and appliance-based products in large enterprise and Government environments.
  • Develop, deploy and tune SIEM content such as correlation rules, dashboards, reports, and models.
  • Provide escalation support to Tier 1 for Authorized Support Customers, following processes and interacting appropriately with both customers and partners when required.