Coralogix Engineer

We are seeking an experienced Coralogix SIEM Engineer to serve as the hands-on technical owner. The engineer will plan, implement, configure, and maintain the instance within a multi-tenant Coralogix organization shared across multiple SOCs. This role must be fluent in both Coralogix platform administration and federal regulatory constraints. Beyond Coralogix platform ownership, this role will contribute to the broader SecOps technology stack strategy, helping the SOC evolve its security operations capabilities across detection, incident management, and platform integration.

Responsibilities
1. Coralogix Platform Administration. As full Platform Administrator within the shared multi-tenant SOC organization
2. Enterprise Log Collection Pipeline Architecture & Operations. Design, implement, and maintain log collection pipelines for multiple networks with distinct architectural constraints
3. Detection Engineering.
4. Incident Management & SLA Instrumentation
5. SecOps Technology Stack Contribution

Qualifications
Experience
* 10+ years of hands-on cybersecurity engineering experience, with at least 5 years in SIEM platform engineering, administration, or log management.
* Demonstrable, hands-on Coralogix experience-including platform administration, DataPrime query language, alert development (threshold, anomaly, flow, ratio), Parsing Rules engineering, TCO Optimizer configuration, and log pipeline design.
* Proven experience architecting and managing enterprise-scale logging pipelines, including OpenTelemetry Collector (OTEL) deployment in agent/gateway models.
* Experience onboarding and integrating diverse log sources: cloud-native APIs (AWS CloudTrail, VPC Flow Logs, S3/SNS/SQS), Kubernetes/EKS workloads, Windows/Linux endpoints, and network/security appliances (Palo Alto, Check Point, NetScaler, Citrix).
* Experience designing log pipelines with data masking, field redaction, or sensitive data handling requirements.
Technical Skills
* Coralogix: DataPrime, GROK/regex Parsing Rules, alert types (threshold/anomaly/flow/ratio/metric), TCO Optimizer, Subsystem/Scope/RBAC administration, SSO/SAML configuration, API key management, Cases, SLO configuration, Olly AI agent, Streama ML.
* Log collection: OpenTelemetry Collector, Fluentd, Fluent Bit, or equivalent; reverse proxy architectures (Caddy 2, Nginx) for constrained-network log forwarding.
* cx_security log normalization schema and Coralogix Integration/Extension Package deployment.
* AWS logging architecture: CloudTrail, VPC Flow Logs, CloudWatch, S3-based log delivery, SNS/SQS event pipelines.
* Endpoint telemetry: Windows Event Logs (Sysmon, WEF), Linux auditd, EDR log integration.
* Network/security appliance log sources: Palo Alto (PAN-OS), Check Point, NetScaler/Citrix.
* Scripting and automation: Python, Bash, or equivalent for pipeline tooling, API integrations, and operational scripting.
* Federal logging requirements: OMB M-21-31 logging tiers, NIST 800-53 AU controls, audit log management.
* Experience operating in federal or regulated environments with multi-tenant data isolation requirements.
* Understanding of NIST RMF, ATO processes, and ISSO collaboration in federal cybersecurity programs.
Desired Qualifications:
* Experience with SOAR platforms and webhook-based alert orchestration integrated with Coralogix (ServiceNow, PagerDuty, Jira, Slack).
* Familiarity with AWS GovCloud logging architecture, cross-account log aggregation, and FedRAMP-compliant configurations.
* Experience with UEBA platforms (e.g., Exabeam) and integrating behavioral analytics output with SIEM normalization pipelines.
* Knowledge of MITRE ATT&CK framework and its application to detection coverage mapping and gap analysis.
* Experience supporting ATO/RMF processes, security control assessments, or security authorization activities.
* Prior experience in DoED, DoD, Federal HVA, or IRS/FTI-regulated environments.
* Relevant certifications such as:
o Coralogix Certified Engineer or equivalent platform certification
o GIAC GCED, GCIH, GCIA, or similar security operations certifications
o AWS Security Specialty or equivalent cloud security certification
o CISSP, CISM, or Security+ (supplementary)
* Demonstrated ability to communicate technical platform decisions to non-technical stakeholders and drive adoption across a matrixed program organization.

Dexian stands at the forefront of Talent + Technology solutions with a presence spanning more than 70 locations worldwide and a team exceeding 10,000 professionals. As one of the largest technology and professional staffing companies and one of the largest minority-owned staffing companies in the United States, Dexian combines over 30 years of industry expertise with cutting-edge technologies to deliver comprehensive global services and support.

Dexian connects the right talent and the right technology with the right organizations to deliver trajectory-changing results that help everyone achieve their ambitions and goals. To learn more, please visit .

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.