SIEM Engineer Position - Remote

Position: SIEM Engineer Sentinel One Data Lake (Splunk Migration)

Location: Remote
Job Type: Contract

Overview:

We are seeking an experienced SIEM Engineer to lead our log analytics and detection infrastructure migration from Splunk to Sentinel One Data Lake. This role is pivotal in redefining our security telemetry ingestion, detection engineering, and analytics workflows using Sentinel One s native data lake and Singularity platform.

Key Responsibilities:

• Migration Strategy & Execution:
• Design and implement a phased migration plan from Splunk to Sentinel One Data Lake.
• Map existing Splunk use cases, saved searches, alerts, dashboards, and data models to Sentinel One equivalents.
• Translate Splunk SPL queries into Sentinel One Data Lake query language (e.g., XDR Query Language - XQL).
• Data Ingestion & Normalization:
• Configure and onboard log sources (endpoint, firewall, cloud, identity, etc.) into Sentinel One Data Lake.
• Ensure data is normalized and enriched to support threat detection and compliance use cases.
• Use Cribl, Syslog, or Sentinel One native ingestion pipelines to transition data flow.

Required Skills & Experience:

• 7+ years of experience in SIEM engineering or security operations.
• 3+ years of hands-on experience with Splunk (including SPL, dashboards, and Ingestion).
• Strong knowledge of Sentinel One Singularity Data Lake and XQL (preferred).
• Familiarity with log source types: EDR, NDR, firewall, email security, identity logs, cloud APIs (AWS, Azure, Google Cloud Platform).
• Experience with Cribl or other log routing/optimization tools.