
Senior Security Engineer (SIEM/Cribl) - Northeast region (Remote)

Posted 4 days ago

💎 Seniority level: Senior, 5+ years

📍 Location: United States

🔍 Industry: Information Security

🏢 Company: GuidePoint Security

🗣️ Languages: English

⏳ Experience: 5+ years

🪄 Skills: AWS, Python, Bash, Cloud Computing, Cybersecurity, GCP, Kubernetes, Azure, Linux, DevOps, JSON, Scripting

Requirements:
  • 5+ years of experience in security engineering, with a primary focus on SIEM platforms.
  • Hands-on experience with at least two of the following SIEM platforms: Splunk, Elastic, Microsoft Sentinel, Google SecOps, CrowdStrike NG-SIEM, LogScale.
  • 2+ years of experience with Cribl or similar observability pipeline tools (e.g., Logstash, Fluentd, Kafka).
  • Strong knowledge of log formats, data normalization, and event correlation.
  • Familiarity with detection engineering, threat modeling, and MITRE ATT&CK framework.
  • Proficiency with scripting (e.g., Python, PowerShell, Bash) and regular expressions.
  • Deep understanding of logging from cloud (AWS, Azure, GCP) and on-prem environments.
Responsibilities:
  • Architect, implement, and maintain SIEM solutions.
  • Design and manage log ingestion pipelines using tools such as Cribl Stream, Edge, or Search.
  • Optimize data routing, enrichment, and filtering to improve SIEM efficiency and cost control.
  • Collaborate with cybersecurity, DevOps, and cloud infrastructure teams to integrate log sources and telemetry data.
  • Develop custom parsers, dashboards, correlation rules, and alerting logic for security analytics and threat detection.
  • Maintain and enhance system reliability, scalability, and performance of logging infrastructure.
  • Provide expertise and guidance on log normalization, storage strategy, and data retention policies.
  • Lead incident response investigations and assist with root cause analysis leveraging SIEM insights.
  • Mentor junior engineers and contribute to strategic security monitoring initiatives.