The Data Engineer works in Optiv Security's 24x7x365 Security Operations Center as a member of the Managed Security Services (MSS) team. The engineer is responsible for creating procedures, implementing the software pipeline, monitoring the platform, and maintaining security systems for client environments. Experience with observability pipelines, Splunk SIEM, and other security technologies is essential. The candidate will work closely with Management, Principal Engineers, Senior Engineers, Solution Architects, Threat Analysts, and other internal teams and clients to deliver high-profile, critical services to existing Managed Security Service clients. The role also involves serving as a primary responder for Managed Security customer systems, taking ownership of client issues, and tracking them through to resolution.
Responsibilities include:
- Act as a point of escalation for other Engineers and provide guidance and mentoring.
- Assist with client transition and onboarding, serving as the primary contact for Managed Security Service clients.
- Document Account Governance processes and be responsible for report generation and notifying senior leadership about potential SLA issues.
- Explain and demonstrate how to use observability and SIEM products to both technical and non-technical personnel.
- Provide remote consulting services via interactive client sessions to assist with implementation of multiple product vendors and technologies.
- Implement, configure, and maintain SIEM software and appliance-based products in large enterprise and government environments.
- Develop, deploy, and tune SIEM content such as correlation rules, dashboards, reports, and models.
- Provide escalation support to Tier 1 for authorized support customers, following established processes.
- Lead the Splunk team by prioritizing work requests, projects, and service tasks.
- Collaborate with Management, Service Delivery, and Principal Engineers to define processes and procedures for internal projects.
- Identify areas for improvement in existing processes, procedures, and documentation.
- Assist in team development by defining strategies and responsibilities.
- Develop internal training methods to support Managed Services and clients.
- Perform knowledge transfers and train clients regarding security and system configuration.
Minimum qualifications:
- 2+ years managing and maintaining observability platforms.
- 1+ years as a Splunk Administrator.
- 2+ years as a Cribl Administrator.
- Expert-level knowledge of Splunk Enterprise Security.
- Experience with installing and configuring Splunk CORE and Splunk Enterprise Security.
- Ability to analyze logs from various security devices.
- Confidence in dealing with complex technical problems.
- Willingness to learn and support multiple observability vendor platforms.
- Experience designing, automating, maintaining, and optimizing observability platforms.
- Knowledge of security logging for Linux, Windows, major EDRs, Firewalls, and Active Directory.
- Experience with big data technologies like Kafka, Splunk, TSDB, etc.
- Previous experience with Cloud platforms (AWS, Azure, GCP).
- Familiarity with industry standards and trends related to telemetry and software pipelines.
- Experience creating custom content, dashboards, reports, and alerts.
- Flexibility to provide on-call support (24/7) when needed.
- Experience with incident and problem tracking systems (Jira, Confluence, ServiceNow).
- Security certifications (GIAC, CISSP, CCSE, CISA, etc.) are preferred.
- Knowledge of Linux and Windows Operating Systems.
- Understanding of server applications like DBMS, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, LDAP, SQL, etc.
- Experience with security products such as Devo, Chronicle, EDR, XDR, Exabeam, Sentinel, QRadar, Splunk, LogRhythm, Securonix, Elastic, RSA NetWitness, SumoLogic, and infrastructure components like proxies, firewalls, IDS/IPS, DLP.
What you can expect from Optiv:
- A company committed to Diversity, Equality, and Inclusion.
- Work/life balance, professional training resources, and opportunities for complex projects.
- Volunteer opportunities and support for remote work where applicable.
EEO Statement: Optiv is an equal opportunity employer. We consider all qualified applicants regardless of race, color, religion, sex, gender identity, sexual orientation, age, marital status, genetic information, national origin, disability, military or veteran status, or any other protected basis. We respect your privacy and handle your information according to our privacy notice.