Key skills
CloudSplunkLeadership
About this role
Role Overview
- Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEM
- Lead onboarding of new log sources, including development of custom parsers, field normalization, and data validation
- Build, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CK
- Create and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirements
- Use CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysis
- Design and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformation
- Develop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflows
- Partner with SOC analysts, cloud teams, and platform owners to ensure high-quality, security-relevant telemetry
- Act as a technical escalation point for SIEM-related investigations and incident response
- Continuously improve detection fidelity, data quality, and SIEM performance
- Support audit and compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) through monitoring, reporting, and evidence generation
- Document SIEM architecture, data flows, detection logic, and operational runbooks
Requirements
- 5
- 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoring
- Strong hands-on experience with CrowdStrike NGSIEM is required
- Candidates without NGSIEM experience must demonstrate deep, hands-on SIEM engineering experience using Splunk in enterprise environments
- Proven experience developing custom parsers and onboarding diverse log sources
- Hands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languages
- Strong experience building detection rules, dashboards, and alerting for SOC operations
- Hands-on experience with Cribl for log routing, enrichment, and pipeline optimization
- Experience with automation and API-based integrations
- Solid understanding of security telemetry, log formats, and large-scale log ingestion architectures
- Ability to work effectively in a global, fast-paced environment
Tech Stack
- Cloud
- Splunk
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development