
Security Engineer, Splunk
Posted 7 hours ago

This is a fully remote position, open to applicants in United States.
• Oversee and manage SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to fulfill FedRAMP continuous monitoring obligations.
• Sustain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments for ongoing monitoring and compliance purposes.
• Administer and uphold log collection infrastructure, including forwarders, collectors, and ingestion pipelines across hybrid environments.
• Assist in SIEM performance tuning, storage management, retention policies, and licensing optimization in accordance with established operational guidelines.
• Establish and maintain log retention and audit configurations that comply with FedRAMP and other regulatory frameworks.
• Design, refine, and uphold detection rules, correlation searches, and alerting mechanisms to recognize security incidents.
• Develop and maintain custom parsers and field extractions for complex or proprietary log sources.
• Minimize false positives through continuous rule optimization, baseline assessments, and enhancements in detection strategies.
• Engage in peer reviews of detection rules and modifications to SIEM configurations.
• Monitor SIEM alerts and probe security incidents to assist in incident response and threat hunting efforts.
• Contribute to the creation and upkeep of detection and response playbooks and operational procedures.
• Aid in troubleshooting SIEM ingestion, parsing, and performance challenges.
• Collaborate with infrastructure and application teams to integrate new log sources and enhance security visibility.
• Gather and organize SIEM control evidence and artifacts for audits and 3PAO assessment processes.
• Ensure SIEM configurations meet necessary controls such as audit reviews, log integrity, and time synchronization.
• Create and maintain documentation related to SIEM architecture, detection strategies, operational processes, and runbooks.
• Provide technical support during client reviews and operational meetings as needed.
• Share expertise and mentor junior team members.
• Contribute to initiatives aimed at process improvement and automation within SIEM and detection workflows.
• A minimum of 3 years of practical experience in systems engineering and architecture, including requirements definition, architecture creation, use-case/story development, and systems integration/testing.
• At least 3 years of experience in cloud architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
• Established proficiency with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
• Familiarity with AWS, Azure, or GCP platform capabilities, ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer.
• Experience collaborating in Agile environments with technical teams consisting of three or more members.
• Strong communication, organizational, and problem-solving capabilities, with a talent for clearly conveying complex technical information.
• Excellent documentation skills for producing technical diagrams, written descriptions, and other supporting documentation.
• Proven ability to work independently and collaboratively within a team, while maintaining a professional demeanor.
• Critical thinking skills to balance stringent security requirements with mission objectives.
• A successful track record of adapting quickly and efficiently in fast-paced, dynamic settings.
• Documented experience in delivering comprehensive SIEM solutions in large-scale or high-compliance environments, from initial design to operational handover.
• Hands-on leadership or senior-level involvement in cloud security projects, collaborating with cross-functional teams (e.g., DevOps, architecture, compliance) to achieve significant security outcomes.
• Proven history of integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a unified, enterprise-wide monitoring solution.
• Experience working under stringent regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet necessary standards without compromising performance.
• Demonstrable client-facing experience in a consulting or services role, maintaining professionalism and clear communication in high-pressure or fast-paced situations.
• Splunk Enterprise Certified Admin *or* SumoLogic Administration *or* Microsoft Security Operations Analyst Associate.
• AWS Solutions Architect Professional *or* AWS DevOps Engineer Professional *or* Azure Solutions Architect Expert *or* GCP Cloud Architect.
• Bachelor’s degree or equivalent professional experience.
• US citizenship (required due to client contractual obligations).
• Paid parental leave.
• Flexible time off.
• Certification and training reimbursement.
• Digital mental health and wellbeing support membership.
• Comprehensive insurance options.