SIEM Engineer
Remote • Posted 10 hours ago • Updated 10 hours ago

Vailexa Technology LLC
Job Details
Skills
- Splunk
- Migration
- Security Operations
- Python
- Email Security
- Data Lake
- Cloud Computing
- Amazon Web Services
- SIEM
Summary
Position: SIEM Engineer – SentinelOne Data Lake (Splunk Migration)
Location: 100% Remote
Duration: 12 months
Job Description:
We are seeking an experienced SIEM Engineer to lead the migration of our log analytics and detection infrastructure from Splunk to SentinelOne Data Lake. This role is pivotal in redefining our security telemetry ingestion, detection engineering, and analytics workflows using SentinelOne's native data lake and Singularity platform.
Key Responsibilities:
- Migration Strategy & Execution:
Design and implement a phased migration plan from Splunk to SentinelOne Data Lake.
Map existing Splunk use cases, saved searches, alerts, dashboards, and data models to SentinelOne equivalents.
Translate Splunk SPL queries into the SentinelOne Data Lake query language (e.g., XDR Query Language, XQL).
- Data Ingestion & Normalization:
Configure and onboard log sources (endpoint, firewall, cloud, identity, etc.) into SentinelOne Data Lake.
Ensure data is normalized and enriched to support threat detection and compliance use cases.
Use Cribl, syslog, or SentinelOne native ingestion pipelines to transition data flow.
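The first step of the migration plan above, taking stock of what actually runs in Splunk today, is worth scripting rather than doing by hand. The example below is added here and is not code from the posting, from Splunk, or from SentinelOne: it parses a savedsearches.conf, classifies each stanza as an alert, a scheduled report, or an ad-hoc search, pulls out the indexes and sourcetypes the SPL depends on (the feeds that must be onboarded before Splunk is switched off), and flags SPL constructs such as macros, subsearches, lookups, transaction and tstats that have no mechanical translation and need hand-porting. The conf content is constructed for the example; the key names (search, cron_schedule, enableSched, dispatch.*, counttype, alert.severity, disabled) are Splunk's own.

```python
"""Inventory Splunk savedsearches.conf content ahead of a SIEM migration.

Added example (not Splunk or SentinelOne code). Parses a constructed
savedsearches.conf, classifies each stanza, extracts the data sources the
SPL depends on, and flags constructs that need manual translation.
"""
import configparser
import re

# Constructed sample in Splunk's savedsearches.conf format. The key names are
# Splunk's; the stanza names and SPL are made up for this example.
SAVEDSEARCHES_CONF = r"""
[Brute force - multiple failed logons]
search = index=wineventlog sourcetype=WinEventLog:Security EventCode=4625 \
  | stats count by src_ip, user \
  | where count > 20
cron_schedule = */15 * * * *
enableSched = 1
dispatch.earliest_time = -15m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
action.email = 1
disabled = 0

[Daily VPN usage report]
search = index=network sourcetype=cisco:asa `vpn_events` | timechart span=1h count by user
cron_schedule = 0 6 * * *
enableSched = 1
dispatch.earliest_time = -24h@h
dispatch.latest_time = @h
disabled = 0

[Endpoint process tree lookup]
search = index=edr [search index=edr parent_process_name=powershell.exe | fields process_guid] \
  | lookup asset_lookup host OUTPUT owner | transaction process_guid
disabled = 0

[Retired detection]
search = index=proxy | tstats count where index=proxy by src
enableSched = 1
cron_schedule = 0 * * * *
counttype = number of events
relation = greater than
quantity = 0
disabled = 1
"""

# SPL constructs that cannot be translated mechanically and need review.
MANUAL_PORT_PATTERNS = {
    "macro": re.compile(r"`[^`]+`"),
    "subsearch": re.compile(r"\[\s*search\b"),
    "lookup": re.compile(r"\|\s*(?:input)?lookup\b"),
    "transaction": re.compile(r"\|\s*transaction\b"),
    "tstats": re.compile(r"\|\s*tstats\b"),
}
_INDEX_RE = re.compile(r"\bindex\s*=\s*\"?([\w*:-]+)", re.I)
_SOURCETYPE_RE = re.compile(r"\bsourcetype\s*=\s*\"?([\w*:.-]+)", re.I)


def _join_continuations(text: str) -> str:
    """Splunk .conf files continue a value with a trailing backslash, which
    configparser does not understand; join those lines before parsing."""
    out, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        out.append(buf + line.strip() if buf else line)
        buf = ""
    if buf:
        out.append(buf)
    return "\n".join(out)


def parse_savedsearches(text: str) -> dict:
    """Return {stanza name: {key: value}} with Splunk's key casing preserved."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep enableSched / dispatch.* as written
    cp.read_string(_join_continuations(text))
    return {name: dict(cp[name]) for name in cp.sections()}


def classify(stanza: dict) -> str:
    """alert = scheduled with a trigger condition or action; report = scheduled only."""
    if stanza.get("enableSched", "0") != "1":
        return "adhoc"
    if "counttype" in stanza or any(k.startswith("action.") for k in stanza):
        return "alert"
    return "scheduled_report"


def build_inventory(text: str) -> list:
    """One row per stanza: what it is, when it runs, what data it needs,
    and which SPL features block a mechanical translation."""
    rows = []
    for name, stanza in parse_savedsearches(text).items():
        spl = stanza.get("search", "")
        rows.append({
            "name": name,
            "kind": classify(stanza),
            "enabled": stanza.get("disabled", "0") != "1",
            "schedule": stanza.get("cron_schedule"),
            "window": (stanza.get("dispatch.earliest_time"), stanza.get("dispatch.latest_time")),
            "severity": stanza.get("alert.severity"),
            "indexes": sorted(set(_INDEX_RE.findall(spl))),
            "sourcetypes": sorted(set(_SOURCETYPE_RE.findall(spl))),
            "manual_port": sorted(k for k, rx in MANUAL_PORT_PATTERNS.items() if rx.search(spl)),
            "spl": spl,
        })
    return rows


def onboarding_sources(rows: list) -> tuple:
    """Indexes and sourcetypes that enabled content depends on: the minimum set
    of feeds that must be flowing into the new platform before cut-over."""
    idx, st = set(), set()
    for r in rows:
        if r["enabled"]:
            idx.update(r["indexes"])
            st.update(r["sourcetypes"])
    return sorted(idx), sorted(st)


if __name__ == "__main__":
    inventory = build_inventory(SAVEDSEARCHES_CONF)
    for row in inventory:
        print(f"{row['name']!r}: {row['kind']}, enabled={row['enabled']}, "
              f"indexes={row['indexes']}, manual_port={row['manual_port']}")
    print("sources to onboard:", onboarding_sources(inventory))
```

Disabled content is kept in the inventory but excluded from the onboarding set, so retired detections do not drive log-source work; anything listed under manual_port is a candidate for a hand-written query on the target side rather than a search-and-replace of SPL operators.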
Required Skills & Experience:
- 7+ years of experience in SIEM engineering or security operations.
- 3+ years of hands-on experience with Splunk (including SPL, dashboards, and ingestion).
- Strong knowledge of SentinelOne Singularity Data Lake and XQL (preferred).
- Familiarity with log source types: EDR, NDR, firewall, email security, identity logs, cloud APIs (AWS, Azure, Google Cloud Platform).
- Experience with Cribl or other log routing/optimization tools.
Required:
- XQL (XDR Query Language): deep familiarity with XQL syntax, operators, filters, and joins. XQL is a proprietary query language used to query data in SentinelOne's Singularity Data Lake; it is inspired by Kusto Query Language (KQL), so KQL experience is directly transferable.
Primary XQL skills:
- Filtering and transforming data (where, extract, project, parse_json)
- Aggregations and stats (count, avg, sum, group by)
- Time-series functions and windowing
- Working with nested fields (common in EDR/NDR data)
Highly Recommended:
- Python, for building custom integrations, automation, or data pipelines with the SentinelOne API
- PowerShell
- JavaScript/Node.js or Bash
If you’re interested in this opportunity, please send your updated resume to We look forward to connecting with you!
- Dice Id: 91142526
- Position Id: 8891199
Company Info
Preferred by our clients for more than a year, Vailexa is a leading provider of staffing, workforce solutions, consulting, and enterprise solutions, delivering immediate productivity, an improved work culture, and an unwavering commitment to customer satisfaction.
We provide services in multiple domains, including IT Staffing, Healthcare Staffing, Consulting & Modern Enterprise Solutions, and Workforce Solutions, for organizations of every size, ownership structure, and business vertical. We have experience in designing, developing, and delivering customized personnel solutions to meet your unique needs.
Established in 2020, Vailexa has made a mark in a short period, all due to our quality and a vast range of services. We have now become the preferred recruitment, workforce solutions, and staffing partners of many enterprises in many business verticals.

