
Senior Engineer – SIEM Platform Engineering, Operations
Bank of America
full-time
Location Type: Office
Location: Denver • Colorado • United States
Salary
💰 $150,000 - $190,700 per year
About the role
- Engineer, monitor, and maintain the operational health and resiliency of SIEM platforms including Splunk Enterprise/Cloud and Microsoft Sentinel.
- Implement SIEM platform resiliency controls including cluster monitoring, ingestion latency tracking, and workload distribution optimizations.
- Monitor, maintain, and troubleshoot the data ingestion pipeline including Kafka clusters, Cribl pipelines, Splunk Forwarders, and Sentinel connectors.
- Develop dashboards for pipeline throughput, message lag, schema drift, and end-to-end data quality validation.
- Manage and enforce data SLIs/SLOs across freshness, completeness, correctness, and availability.
- Ensure proper CIM/OCSF/CEF normalization and enrichment for all security-relevant data sources.
- Oversee the Anvilogic content management platform including rule execution health, version control, and analytics dependency monitoring.
- Develop unified observability dashboards covering SIEM platform state, ingestion health, detection pipeline execution, and analytic reliability.
- Serve as escalation point for SIEM data outages, ingestion failures, analytic misfires, and platform degradations.
- Collaborate with operational and engineering teams to design and enhance security detections, analytics, and proactive defenses.
- Write, optimize, and maintain SPL, KQL, and other query languages to support analytics, threat detection, and investigations.
- Support Model Risk Management (MRM) efforts by documenting the AI/ML models in use within any of our SIEM technologies.
Requirements
- 6+ years experience in Security Operations, SIEM Engineering, Detection Engineering, Incident Response, or related enterprise disciplines.
- Hands-on experience with Splunk Enterprise/Cloud and Microsoft Sentinel in large-scale environments.
- Experience with Kafka, Cribl, Databricks, Hadoop, Python, SQL, Pandas, Spark, or similar data platforms.
- Experience mapping log sources into structured models such as CIM, OCSF, CEF.
- Ability to troubleshoot complex SIEM ingestion, data quality, and infrastructure performance issues.
- Experience with EDR, SIEM, SOAR, and other enterprise-scale cybersecurity tools.
- Ability to manage competing priorities, drive consensus, and deliver results across distributed teams.
Benefits
- Pay range $150,000.00 - $190,700.00 annualized salary; offers are determined based on experience, education and skill set.
- Discretionary incentive eligible.
- This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.