Cyber Data Engineer
Posted 2 weeks ago
About This Role
This role involves designing, building and operating security data pipelines, with a focus on Cribl, that reliably collect, normalize, route and deliver security data to downstream platforms such as the SIEM and EDR. The engineer partners with system owners and security stakeholders to onboard sources, improve data quality and meet logging and monitoring objectives in both cloud and on-premises environments.
Responsibilities
- Engineer and maintain security data pipelines (Cribl and/or equivalent) for ingestion, parsing, enrichment, filtering, routing, and delivery to ELM/SIEM and related platforms
- Integrate event feeds using common transport patterns (e.g., syslog) and validate end-to-end data flow, timing, completeness, and correctness
- Implement data transformations and normalization to support analytics and detection use cases (e.g., consistent fields, time alignment, source attribution)
- Operate and troubleshoot pipeline services, including performance tuning, backlog/latency reduction, and resilience/high-availability considerations
- Collaborate with SIEM/ELM engineers, SOC teams, and system owners to support onboarding, use-case enablement, and ongoing data quality improvements
- Support detection and incident response automation by ensuring required data elements are present, consistent, and delivered to the right destinations
- Create and maintain documentation (architecture/data flow diagrams, pipeline configurations, onboarding guides, SOPs, and troubleshooting runbooks)
- Participate in change control processes: implementation planning, testing/validation, and post-deployment verification
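As an added example (not code from this posting and not a Cribl configuration), the following Python script is a stand-in for the stages the responsibilities above describe: parse syslog in both RFC 5424 and RFC 3164 form, normalize to a consistent schema (UTC ISO 8601 timestamp, lower-cased host, numeric facility/severity, source attribution), validate completeness and timing against the receive time, and route each event to one or more destinations or a dead-letter queue. The receiver name `syslog-udp-514`, the skew tolerances, the routing rule and every log line are constructed for illustration; the year and time zone assumed for RFC 3164 timestamps are assumptions a real pipeline must make explicitly per source.

```python
"""Added example: parse -> normalize -> validate -> route for syslog telemetry.
Not Cribl and not from the job posting; all inputs below are constructed."""
import re
from datetime import datetime, timezone

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<proc>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$"
)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG  (no year, no zone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[\s]+)(?:\[(?P<proc>\d+)\])?: ?(?P<msg>.*)$"
)

REQUIRED = ("timestamp", "host", "app", "message", "source")  # assumed schema
MAX_FUTURE_S = 300      # assumed tolerance for clocks running ahead
MAX_LAG_S = 86400       # assumed tolerance for delayed/replayed events


def parse_syslog(line, source, received_at):
    """Parse one syslog line into the normalized schema; None if unparseable."""
    m = RFC5424.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    else:
        m = RFC3164.match(line)
        if not m:
            return None
        # BSD syslog carries no year or zone: assume the receiver's year and UTC.
        compact = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{received_at.year} {compact}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
    pri = int(m["pri"])
    return {
        "timestamp": ts.astimezone(timezone.utc).isoformat(),  # time alignment
        "host": m["host"].lower(),                             # consistent field
        "app": m["app"],
        "message": m["msg"].strip(),
        "facility": pri >> 3,
        "severity": pri & 7,
        "source": source,                                      # source attribution
        "_raw": line,
    }


def validate(event, received_at):
    """Completeness and timing checks; returns a list of problems (empty = ok)."""
    problems = [f"missing:{k}" for k in REQUIRED if not event.get(k)]
    if event.get("timestamp"):
        skew = (received_at - datetime.fromisoformat(event["timestamp"])).total_seconds()
        if skew < -MAX_FUTURE_S:
            problems.append("timestamp_in_future")
        elif skew > MAX_LAG_S:
            problems.append("timestamp_stale")
    return problems


def route(event):
    """Everything is archived; auth/authpriv or warning-and-worse also go to the SIEM."""
    dests = ["archive"]
    if event["severity"] <= 4 or event["facility"] in (4, 10):
        dests.append("siem")
    return dests


def run_pipeline(lines, source, received_at):
    out = {"siem": [], "archive": [], "dead_letter": []}
    for line in lines:
        ev = parse_syslog(line, source, received_at)
        if ev is None:
            out["dead_letter"].append({"_raw": line, "reason": "unparsed"})
            continue
        problems = validate(ev, received_at)
        if problems:
            ev["_problems"] = problems
            out["dead_letter"].append(ev)
            continue
        for dest in route(ev):
            out[dest].append(ev)
    return out


# Constructed sample: receive time and five lines (one 3164, three 5424, one junk).
RECEIVED_AT = datetime(2024, 5, 1, 12, 0, 30, tzinfo=timezone.utc)
SAMPLE_LINES = [
    "<86>1 2024-05-01T12:00:05Z fw-edge-01 sshd 4123 - - Accepted publickey for deploy from 10.0.0.8 port 51822",
    "<38>May  1 12:00:10 web-03 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2",
    "<15>1 2024-05-01T12:00:07Z app-07 api 77 - - debug: cache miss for key session:abc",
    "<86>1 2024-05-01T12:30:00Z fw-edge-02 sshd 4124 - - Accepted password for root from 198.51.100.4 port 2222",
    "this is not syslog at all",
]


def demo():
    return run_pipeline(SAMPLE_LINES, "syslog-udp-514", RECEIVED_AT)


if __name__ == "__main__":
    for dest, events in demo().items():
        print(dest, len(events), [e.get("host") or e.get("reason") for e in events])
```

The dead-letter queue is the point a practitioner should notice: an event whose clock is thirty minutes ahead is held back with a labelled reason rather than silently landing in the SIEM with the wrong timestamp, and the unparsed line is kept with its raw text so the onboarding team can see what the source actually sent.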
Requirements
- Bachelor's degree
- Ability to obtain Public Trust clearance
- 4+ years of experience in managing and engineering data pipelines (Cribl preferred)
- Solid experience with SIEM ingestion, data transformation, and platform integration
- Hands-on experience integrating event feeds with ELM/SIEM systems using syslog (and related patterns)
- Proven ability to create and maintain pipeline and deployment documentation
- Knowledge of threat/incident detection automation concepts in ELM/SIEM contexts
- Working knowledge of Splunk
- Familiarity with both cloud and on-premises data environments
- Strong problem-solving skills, technical writing/documentation discipline, and effective cross-team communication
- Experience with data governance for security telemetry (data quality checks, schemas/standards, retention considerations)
- Scripting/automation experience to support pipeline operations and repeatable deployments
- Experience supporting high-volume telemetry and multiple downstream destinations (security analytics, storage, compliance reporting)
- Legally authorized to work in the United States without the need for employer sponsorship
Qualifications
- Bachelor's degree
- 4+ years of experience managing and engineering data pipelines, including SIEM ingestion, data transformation and platform integration; integrating event feeds with ELM/SIEM systems using syslog; and creating and maintaining pipeline and deployment documentation
Nice to Have
- Cribl experience (preferred for data pipelines)
- Familiarity with CrowdStrike Falcon platform features
About Deloitte
A company that modernizes technology platforms, drives innovation and transforms mission-critical operations for clients, especially in the Life Sciences sector.