Senior SIEM/Data Integration Engineer - Cribl/Splunk (TS/SCI)
Kentro
Tampa, FL
Full Time
Senior Level
10+ years
Posted 3 weeks ago
About This Role
Design, build, and manage the critical telemetry pipeline for a landmark Zero Trust initiative at U.S. Special Operations Command. This role ensures high-volume, complex cybersecurity data from cloud-native tools is processed and delivered to security analysts effectively and cost-efficiently.
Responsibilities
- Design, deploy, and maintain the Cribl Stream infrastructure, ensuring high availability and performance for the security telemetry pipeline across all network enclaves
- Develop and manage Cribl Stream routes to process security data, implementing rules to filter out low-value logs and route high-value telemetry to Splunk and Microsoft Sentinel
- Configure data source collectors to ingest logs from Microsoft Purview, Microsoft Sentinel, and on-premise security tools, utilizing APIs (such as Microsoft Graph) to pull compliance data
- Enrich security logs in-flight by adding valuable context, such as correlating user identity information with network events or adding geolocation data, before the data reaches the SIEM
- Proactively reduce Splunk ingestion volume and license costs by strategically filtering and summarizing data within Cribl Stream, while ensuring that the data delivered aligns with the Splunk Common Information Model (CIM)
Requirements
- Master of Science (MS) degree in Systems Engineering, Computer Science, Cybersecurity, Electrical Engineering, or a related technical field
- 10+ years of related technical experience
- 5+ years experience as a Splunk administrator or engineer
- 2+ years experience designing and managing a telemetry pipeline or log routing solution
- Proficiency in scripting using Python or PowerShell
- Strong understanding of regular expressions (Regex)
- Active Top Secret clearance with SCI eligibility
Qualifications
- Master of Science (MS) degree in Systems Engineering, Computer Science, Cybersecurity, Electrical Engineering, or a related technical field
- 10+ years of related technical experience, 5+ years of Splunk experience, 2+ years of telemetry pipeline management
Nice to Have
- Cribl Certified Observability Engineer (CCOE) certification
- Splunk Certified Architect or Enterprise Security Certified Admin certification
- Hands-on experience with Microsoft Sentinel and Microsoft Purview as data sources
- Experience working in a large, complex DoD or USSOCOM environment
Skills
- Python *
- Splunk *
- PowerShell *
- API *
- SIEM *
- Microsoft Purview *
- CRIBL Stream *
- Regex *
- Microsoft Sentinel *
- Microsoft Graph *
* Required skills
Benefits
- Paid Time Off
- Rewards
- Holiday Events
- Education reimbursement for certifications, degrees, or professional development
- Happy hours
- Healthcare Benefits
- Discount perks
- Fitness & wellness events
- Charity galas/events
- Supplemental benefits
- 401k including an employer match
- Annual celebrations
Certifications
- CompTIA Security+ CE (Required)
- CompTIA CySA+ (Required)
About Kentro
IT Concepts dba Kentro is an organization committed to advancing customers' missions, fostering professional growth, and making a positive impact on communities, specializing in IT services and consulting.