Senior XDR/SIEM Engineer - REMOTE

Overview

Remote
Depends on Experience
Contract - W2
Contract - 12 Month(s)

Skills

XDR
SIEM
CrowdStrike
CrowdStrike Falcon platform

Job Details

Job Title: Senior XDR/SIEM Engineer CrowdStrike Platform Specialist

Location: 100% Remote

Summary:

We are seeking a highly skilled Senior XDR/SIEM Engineer with deep expertise in the CrowdStrike Falcon platform, XDR integrations, and SIEM correlation engineering. The ideal candidate will have a strong background in security operations, threat detection, log correlation, and SOC use case development, and will play a critical role in architecting and advancing our detection, response, and visibility capabilities.

Key Responsibilities:

CrowdStrike XDR & SIEM Integration:

  • Architect, implement, and manage integrations between CrowdStrike Falcon XDR and enterprise SIEM platforms (e.g., Splunk, Sentinel, QRadar, Exabeam).
  • Customize and tune Falcon data ingestion and enrichment within SIEM tools to maximize visibility and performance.
  • Enable bi-directional use of Falcon telemetry and enrichments to power detection workflows and incident response.

Security Use Case Engineering:

  • Design and implement advanced security use cases and detection logic tailored to evolving threat landscapes.
  • Build behavioral, anomaly-based, and threat intel-driven correlation rules within SIEM based on Falcon telemetry.
  • Continuously improve use cases through purple teaming, threat hunts, and MITRE ATT&CK-based assessments.

Detection Engineering & Threat Content Development:

  • Develop custom detections using Falcon's APIs, custom IOAs, and Falcon Fusion workflows.
  • Build and maintain custom dashboards, alerts, queries, and reports for SOC use.
  • Leverage CrowdStrike's Threat Graph, Intelligence, and Identity Protection modules to develop contextual detections.

SOC & Incident Response Enablement:

  • Partner with the SOC to streamline alert triage, response, and escalation processes.
  • Develop playbooks and enrichment pipelines (via SOAR or Falcon Fusion) for automated investigation and response.
  • Provide subject matter expertise to help SOC analysts interpret complex detection scenarios.

Data Governance & Telemetry Optimization:

  • Ensure log sources feeding into Falcon and SIEM are optimized for cost, performance, and security coverage.
  • Work with internal teams (cloud, endpoint, network) to onboard and normalize new telemetry feeds.
  • Manage log filtering, field mapping, and transformation pipelines to ensure SIEM efficiency.

Metrics, Reporting & Compliance:

  • Support audit and compliance efforts by ensuring appropriate visibility, detections, and log retention policies.
  • Produce regular reports on detection efficacy, false positives, and alert volumes.
  • Participate in red/blue team exercises and ensure gaps are closed in detection logic.

Must-Have Skills:

  • 5+ years of experience in SIEM engineering and security analytics.
  • 3+ years hands-on experience with CrowdStrike Falcon, including XDR integrations, API usage, and detection tuning.
  • Strong experience in security correlation rule development using tools like Splunk SPL, Kusto (Sentinel), or QRadar AQL.
  • Deep knowledge of MITRE ATT&CK, threat detection frameworks, and advanced persistent threat behavior.
  • Experience with SOAR platforms (e.g., XSOAR, Splunk SOAR, CrowdStrike Fusion workflows).

Preferred/Bonus Skills:

  • CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR), or similar.
  • Experience with EDR/XDR telemetry from other platforms (SentinelOne, Microsoft Defender, etc.) for cross-tech context.
  • Familiarity with data lakes (e.g., Snowflake, Chronicle), UEBA, and Identity Threat Detection.
  • Python or scripting experience for automation and custom enrichment logic.
  • Experience in multi-cloud security monitoring (AWS, Azure, Google Cloud Platform).

About Vailexa Technology LLC