Cyber Data Engineer

About This Role

Design, build, and operate security data pipelines with a strong emphasis on Cribl, ensuring cybersecurity telemetry is reliably collected, normalized, routed, and delivered to downstream platforms like ELM/SIEM and EDR. This role ensures effective detection, response, and compliance reporting for clients.

Responsibilities

• Engineer and maintain security data pipelines (Cribl and/or equivalent) for ingestion, parsing, enrichment, filtering, routing, and delivery to ELM/SIEM and related platforms
• Integrate event feeds using common transport patterns (e.g., syslog) and validate end-to-end data flow, timing, completeness, and correctness
• Implement data transformations and normalization to support analytics and detection use cases
• Operate and troubleshoot pipeline services, including performance tuning, backlog/latency reduction, and resilience/high-availability considerations
• Collaborate with SIEM/ELM engineers, SOC teams, and system owners to support onboarding, use-case enablement, and ongoing data quality improvements
• Support detection and incident response automation by ensuring required data elements are present, consistent, and delivered to the right destinations
• Create and maintain documentation (architecture/data flow diagrams, pipeline configurations, onboarding guides, SOPs, and troubleshooting runbooks)
• Participate in change control processes: implementation planning, testing/validation, and post-deployment verification

Requirements

• Bachelor's degree
• Ability to obtain Public Trust clearance
• Legally authorized to work in the United States without employer sponsorship
• 4+ years of experience in managing and engineering data pipelines (Cribl preferred; equivalent tools accepted)
• Solid experience with SIEM ingestion, data transformation, and platform integration
• Hands-on experience integrating event feeds with ELM/SIEM systems using syslog
• Proven ability to create and maintain pipeline and deployment documentation
• Knowledge of threat/incident detection automation concepts in ELM/SIEM contexts
• Working knowledge of Splunk
• Familiarity with CrowdStrike Falcon platform features
• Familiarity with both cloud and on-premises data environments
• Strong problem-solving skills, technical writing/documentation discipline, and effective cross-team communication
• Experience with data governance for security telemetry
• Scripting/automation experience to support pipeline operations and repeatable deployments
• Experience supporting high-volume telemetry and multiple downstream destinations

Qualifications

• Bachelor's degree
• 4+ years of experience in at least five or more of the listed areas related to data pipelines, SIEM ingestion, event feed integration, documentation, threat detection automation, data governance, scripting, and supporting high-volume telemetry.

Skills

* Required skills