Sr. Cribl Data Engineer | Remote, USA

1 day ago Be among the first 25 applicants

Lensa is the leading career site for job seekers at every stage of their career. Our client, Optiv, is seeking professionals. Apply via Lensa today!

The Data Engineer works in Optiv Security’s 24x7x365 Security Operations Center as a member of the Managed Security Services (MSS) team. The engineer will be responsible for creating procedures, implementing the software pipeline, focusing on monitoring the platform, and maintaining security systems for client environments. Experience and knowledge of observability pipelines, Splunk SIEM, and other security technologies are essential. The candidate will work closely with management, principal engineers, senior engineers, solution architects, threat analysts, and other internal teams and clients to deliver high-profile, critical services to existing Managed Security Service clients. Serve as a primary responder for Managed Security customer systems, taking ownership of client issues and tracking them through resolution.

How you’ll make an impact

• Act as a point of escalation for other engineers and provide guidance and mentoring.
• Assist with client transition and onboarding, serving as the primary point of contact for Managed Security Service clients.
• Document account governance processes and be responsible for report generation and notifying senior leadership about potential client SLA issues.
• Explain and demonstrate how to use observability and SIEM products to both technical and non-technical personnel.
• Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
• Implement, configure, and maintain SIEM software and appliance-based products in large enterprise and government environments.
• Develop, deploy, and tune SIEM content such as correlation rules, dashboards, reports, and models.
• Provide escalation support to Tier 1 for authorized support customers, following processes and interacting appropriately with customers and partners.
• Help lead the Splunk team by prioritizing client work requests, projects, and service tasks.
• Collaborate with management, service delivery, and principal engineers to define processes and procedures for internal projects.
• Analyze and identify areas for improvement in existing processes, procedures, and documentation.
• Assist in team development by defining strategies and responsibilities for success and growth.
• Develop internal training methods to support managed services and clients.
• Implement and configure SIEM software and appliance-based products in enterprise and government environments.
• Perform knowledge transfers and train clients regarding security and system configuration.

The Senior Data Engineer has no direct reports.

What we’re hiring for

• 2+ years of professional experience managing and maintaining observability platforms.
• 1+ years experience as a Splunk Administrator.
• 2+ years experience as a Cribl Administrator.
• Expert-level knowledge of Splunk Enterprise Security.
• Experience with installing and configuring Splunk CORE and Splunk Enterprise Security.
• The ability to aggregate and analyze logs from various deployed security devices.
• Ability to deal confidently with complex technical problems.
• Willingness to learn and support multiple observability vendor platforms.
• Experience in designing, automating, maintaining, and optimizing observability platforms (metrics, logging, tracing).
• Knowledge of security logging for Linux, Windows, major EDRs, firewalls, & active directory.
• Expertise in delivering large-scale systems using big data technologies including Kafka, Splunk, TSDB, etc.
• Previous experience working with cloud platforms (AWS, Azure, GCP).
• Awareness of industry standards and trends related to telemetry and software pipelines.
• Experience creating custom content, dashboards, reports, and alerts.
• Flexibility to provide on-call support (24/7) when needed.
• Experience with ticketing and knowledge base systems like Jira, Confluence, ServiceNow.
• General security knowledge and relevant certifications (e.g., GIAC, CISSP, CEH).
• Knowledge of Linux and Windows operating systems.
• Understanding of server applications such as DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, LDAP, SQL, etc.
• Experience with security products/technologies such as Devo, Chronicle, EDR, XDR, Exabeam, Sentinel, QRadar, Splunk, LogRhythm, Securonix, Elastic, RSA NetWitness, SumoLogic, and infrastructure components like proxies, firewalls, IDS/IPS, DLP.
• Familiarity with DevOps practices.
• Strong written and verbal communication skills.
• Ability to interpret instructions in various formats and carry out complex problem-solving.

What You Can Expect From Optiv

• A company committed to Diversity, Equity, and Inclusion.
• Work/life balance.
• Professional training resources.
• Opportunity to work on complex, innovative projects.
• Volunteer opportunities and community engagement.
• Remote work capabilities where applicable.

EEO Statement

Optiv is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age, marital status, genetic information, national origin, disability, military or veteran status, or other protected categories.