Own and enhance the enterprise security data platform, ensuring reliable collection, enrichment, routing, and delivery of security telemetry.
Design, build, and optimize log ingestion pipelines using Cribl, Splunk Cloud, and AWS services to support security monitoring and incident response.
Engineer and maintain cloud-native data ingestion infrastructure using AWS CDK, S3, SQS, IAM, and Infrastructure as Code principles.
Manage Splunk Cloud data onboarding, including indexes, sourcetypes, field extractions, HEC endpoints, and data quality validation.
Develop automation and integrations using Python and APIs to improve operational efficiency and platform scalability.
Onboard new systems and services into the security monitoring ecosystem from requirements gathering through production deployment.
Optimize telemetry pipelines to improve data quality, reduce noise, and maximize the effectiveness of security detections and investigations.
Collaborate with Security Operations, Incident Response, Cloud Security, and Application Security teams to meet monitoring and investigative requirements.
Requirements
You have built things in Splunk: indexes, sourcetypes, SPL, HEC, field extractions.
You have designed and operated log pipelines at scale (Cribl preferred, Logstash/Fluentd also valued).
You build in AWS: S3, SQS, IAM, Infrastructure as Code.
You code in Python and automate API integrations.
You understand security data: what to collect, what to filter, what matters for detection.
You have experience with Cribl Lake, Splunk ES, Grafana/Alloy, Sigma rules, and Kubernetes logging.