Gravwell is a full-stack security and observability platform on a mission to simplify the SIEM experience. They are seeking a highly technical Customer SIEM Engineer to lead customers through deployment, configuration, and long-term technical success, ensuring that every Gravwell instance is optimized for performance.
Responsibilities:
- Lead the Onboarding Journey: Take full technical ownership of the customer relationship immediately following the sale, moving them from initial setup to a fully operational production environment
- Architect Data Pipelines: Design and implement complex data ingestion strategies using Gravwell Ingesters, focusing on efficient normalization and parsing
- Detection Engineering: Collaborate with customer security teams to build, test, and deploy advanced queries and alerting logic to identify threats and system anomalies
- Systems Engineering: Provide expert-level guidance on Linux system tuning, storage optimization, and resource management to ensure Gravwell clusters perform at peak efficiency
- Mission Support: Act as the primary technical point of contact for complex troubleshooting, helping customers navigate deep-tier technical hurdles in their environments
- Develop Technical Tooling: Write custom shell scripts, utilities, and automation workflows to streamline deployment and data manipulation tasks
- Feedback Loop: Act as a conduit between the customer and our core Engineering team, translating real-world usage challenges into prioritized product features
Requirements:
- 3–5+ years in a highly technical role such as Security Engineer, SIEM Administrator, or Site Reliability Engineer (SRE)
- Linux Power User: You should be comfortable living in the terminal. Deep knowledge of Linux internals, file systems, and performance tuning is a must
- Scripting & Automation: Proficiency in shell scripting, Python, or PowerShell for system management and automation tasks
- Detection Mindset: Strong understanding of security frameworks (MITRE ATT&CK) and the ability to translate TTPs into functional search queries and alerts
- Log Mastery: Experience with regex, JSON manipulation, and structured/unstructured data normalization
- SIEM Expertise: Hands-on experience managing or deploying enterprise-grade platforms (e.g., Splunk, Elastic, QRadar, or specialized syslog-ng/fluentd architectures)
- Project Leadership: Ability to manage an onboarding timeline and guide multiple stakeholders through a technical mission
- Experience with various virtualization and storage architectures
- Knowledge of network protocols (PCAP analysis, NetFlow, IPFIX)
- Certifications in Security (GCIA, GCIH, OSCP) or Linux (RHCSA/RHCE)