SIEM Engineer

Chicago, IL, US • Posted 19 hours ago • Updated 2 hours ago
Full Time
On-site
USD 133000-166000/yr

Job Details

Skills

  • HTML
  • HTTP
  • IaaS
  • Optimization
  • Data Integrity
  • Data Engineering
  • Normalization
  • Routing
  • Performance Tuning
  • Log Management
  • Use Cases
  • Security Operations
  • Reporting
  • System On A Chip
  • Documentation
  • Data Flow
  • Data Quality
  • Log Analysis
  • Continuous Improvement
  • Cyber Security
  • SIEM
  • Splunk
  • Microsoft
  • Onboarding
  • Analytics
  • Network
  • SaaS
  • Dashboard
  • Scripting
  • SPL
  • Python
  • Regular Expression
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud
  • Google Cloud Platform
  • Collaboration
  • Cloud Computing
  • Analytical Skill
  • Attention To Detail
  • Problem Solving
  • Conflict Resolution
  • Communication

Summary



SIEM Engineer

Salary: $133,000 - $166,000



About the Role

This role is ideal for a technically hands-on security engineer who wants to deepen expertise in SIEM technologies while contributing to scalable, high-quality detection and monitoring capabilities. You will support the implementation, enhancement, and daily operation of an enterprise SIEM platform, helping transform raw telemetry into reliable, actionable security insights.

As part of a collaborative cybersecurity organization, you will work closely with security operations, IT, cloud, infrastructure, and application teams to onboard log sources, improve detection logic, and increase visibility into the environment. This position offers meaningful technical ownership and the opportunity to grow within a mature security program.



What You'll Do

SIEM Engineering and Platform Support

  • Support the deployment, configuration, and ongoing optimization of enterprise SIEM platforms such as Google Security Operations, Splunk, Exabeam, or Microsoft Sentinel.
  • Help maintain platform performance, data integrity, and operational reliability.

Log Ingestion and Data Engineering

  • Build and maintain log integrations using APIs, agents, syslog, and cloud-native logging services.
  • Assist with normalization, parsing, and enrichment to ensure telemetry is usable for analysis and detection.

Cribl Pipeline Development

  • Contribute to the design and support of Cribl pipelines, including routing, filtering, enrichment, and performance tuning.
  • Help ensure efficient data flow and cost-conscious log management.

Detection and Use Case Development

  • Partner with Security Operations teams to develop, tune, and maintain detection logic, correlation rules, and alerting strategies.
  • Support ongoing improvements to detection coverage and signal quality.

Dashboards, Reporting, and Analytics

  • Build and refine dashboards, saved searches, and reports that support SOC operations, investigations, and threat hunting.
  • Enable meaningful visibility into security events and trends.

Documentation and Data Quality

  • Assist with documenting SIEM architecture, data flows, onboarding standards, and operational procedures.
  • Help define and monitor data quality expectations to ensure accurate and reliable telemetry.

Incident and Investigation Support

  • Provide technical assistance during security incidents, supporting log analysis and event investigation.
  • Assist responders with data access and contextual insights during active events.

Continuous Improvement and Learning

  • Stay current with SIEM technologies, detection engineering techniques, and security analytics trends.
  • Actively identify opportunities to improve tooling, processes, and data usage.



What You'll Bring

Experience and Background

  • Bachelor's degree or equivalent professional experience.
  • 3-5 years of experience in IT, engineering, or cybersecurity, including 2-3 years focused on SIEM, logging, or security analytics.

Technical Skills

  • Hands-on experience with one or more SIEM platforms (Google SecOps, Splunk, Exabeam, Microsoft Sentinel, or similar).
  • Experience or exposure to Cribl, including pipeline configuration and log onboarding.
  • Familiarity with integrating log sources via APIs, syslog, agents, and cloud logging services.

Security and Analytics Knowledge

  • Understanding of common security telemetry sources such as endpoint, network, identity, cloud, SaaS, and application logs.
  • Experience creating dashboards, queries, and alerts to support security monitoring.

Technical Foundation

  • Exposure to scripting or query languages such as SPL, KQL, Python, or Regex.
  • Familiarity with cloud environments such as AWS, Azure, or Google Cloud Platform is a plus.

Collaboration and Mindset

  • Ability to work effectively across security, IT, cloud, and application teams.
  • Strong analytical thinking, attention to detail, and a proactive approach to problem solving.
  • Clear communication skills and a desire to learn and grow in a technical security role.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10377716
  • Position Id: OOJ - 1815-816-1776886809
  • Posted 19 hours ago
