
Cyber Security Platform Engineer – Cyber Defense
Posted 9 hours ago

This is a fully remote position, open to applicants in Michigan.
• Design and implement scalable, cloud-native SIEM solutions, applying Infrastructure-as-Code principles to manage log ingestion pipelines and storage.
• Create and sustain reliable data pipelines to ingest, transform, and normalize security logs from various endpoints (APIs, cloud platforms, firewalls) into the SIEM, ensuring high data integrity and minimal latency.
• Develop and enhance custom parsers utilizing Regex and scripting languages to align raw log data with standardized security models, guaranteeing uniform data structures for analysis.
• Program custom integrations that link third-party tools and streaming data sources to the SIEM through REST APIs and webhooks.
• Partner with DevOps and Application teams to establish logging standards and integrate security telemetry requirements early in the software development lifecycle (SDLC).
• Oversee the entire lifecycle of the SIEM platform, including health monitoring, addressing ingestion failures, and debugging parsing errors to ensure continuous availability.
• Proactively assess ingestion volume against capacity limits to pinpoint optimization opportunities, implementing precise log tuning and exclusion rules that reduce licensing costs and enhance the signal-to-noise ratio.
• Develop automated provisioning workflows using Infrastructure as Code (IaC) to programmatically manage both the foundational infrastructure and complex IAM policies that support the security platforms.
• Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or a related field.
• 6+ years of comprehensive software engineering experience.
• 2+ years of technical experience in designing and maintaining scalable security data architectures.
• Proficient in configuring cloud-native security and SIEM/SOAR platforms.
• Familiarity with security logging, data sources, log parsing and tuning, as well as industry best practices for log ingestion.
• Experience in managing cloud-native security platforms, focusing on platform health, troubleshooting configuration issues, and handling complex IAM roles to ensure precise access control.
• 2+ years of practical development experience on cloud-native platforms, preferably Google Cloud Platform.
**Even better, you may have...**
• Proficiency in scripting languages such as Python, Go, Java, or Bash for automation, data manipulation, and integration tasks.
• Hands-on experience in establishing CI/CD pipelines using OpenShift Tekton, GitHub Actions, or similar tools.
• Knowledge of secure coding principles.
• Experience in setting up serverless functions with GCP Cloud Run or Cloud Functions, and configuring the respective services for scalability.
• Strong understanding of system design principles covering reliability, availability, and scalability.
• Experience in configuring logging and monitoring services (Dynatrace, GCP Operations Suite).
• In-depth knowledge of network security, log analysis, threat detection, and incident response.
• Familiarity with RESTful APIs, data integration techniques, and infrastructure-as-code tools (e.g., Terraform, Ansible).
• Immediate medical, dental, and prescription drug coverage.
• Flexible family care options, parental leave, new parent ramp-up programs, subsidized back-up child care, and more.
• Vehicle discount program available for employees and their family members, along with management leases.
• Tuition assistance for further education.
• Active and established employee resource groups.
• Paid time off for both individual and team community service initiatives.
• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day.
• Paid time off with the option to purchase additional vacation time.