Sr. Cribl Data Engineer | Remote, USA

Optiv

Overland Park (KS)

Remote

USD 100,000 - 130,000

Full time

2 days ago

Job summary

A leading cybersecurity company is seeking a Senior Cribl Data Engineer to join their Managed Security Services team. The role involves managing observability platforms, providing guidance to other engineers, and collaborating with various stakeholders to enhance security operations. Candidates should have expertise in Splunk and Cribl, along with strong problem-solving skills. This position offers remote work capabilities and opportunities for professional growth.

Benefits

Diversity, Equity, and Inclusion initiatives
Work/life balance
Professional training resources
Opportunity to work on complex projects
Volunteer opportunities
Remote work capabilities

Qualifications

  • 2+ years managing observability platforms.
  • 1+ years as a Splunk Administrator.
  • Experience with cloud platforms.

Responsibilities

  • Act as a point of escalation for other engineers.
  • Document account governance processes.
  • Provide remote consulting services.

Skills

Communication
Problem Solving
Technical Troubleshooting

Education

General security knowledge and certifications

Tools

Splunk
Cribl
Kafka
AWS
Azure
GCP
Jira
Confluence
ServiceNow

Job description

The Data Engineer works in Optiv Security’s 24x7x365 Security Operations Center as a member of the Managed Security Services (MSS) team. The engineer will be responsible for creating procedures, implementing the software pipeline, and monitoring and maintaining the platform and security systems for client environments. Experience with observability pipelines, Splunk SIEM, and other security technologies is essential. The candidate will collaborate with management, principal engineers, senior engineers, solution architects, threat analysts, other internal teams, and clients to deliver high-profile, critical services. The role also involves serving as a primary responder for Managed Security customer systems, owning client issues, and tracking resolutions.

How you’ll make an impact
  1. Act as a point of escalation for other engineers and provide guidance and mentoring.
  2. Assist with client transition and onboarding, serving as the primary contact for Managed Security Service clients.
  3. Document account governance processes and be responsible for report generation and notifying senior leadership of potential SLA issues.
  4. Explain and demonstrate how to use observability and SIEM products to both technical and non-technical personnel.
  5. Provide remote consulting services via interactive client sessions to implement multiple product vendors and technologies.
  6. Implement, configure, and maintain SIEM software and appliances in large enterprise and government environments.
  7. Develop, deploy, and tune SIEM content such as correlation rules, dashboards, reports, and models.
  8. Provide escalation support to Tier 1 for authorized support customers, following proper processes and interacting appropriately with customers and partners.
  9. Help lead the Splunk team by prioritizing work requests, projects, and service tasks.
  10. Work with management and engineers to define processes and procedures for internal projects.
  11. Analyze and identify areas for improvement in existing processes, procedures, and documentation.
  12. Assist in team development by defining strategies and responsibilities for success and growth.
  13. Develop internal training methods to support managed services and clients.
  14. Implement and configure SIEM products in enterprise and government environments.
  15. Perform knowledge transfers and train clients on security and system configuration.
  16. The Senior Data Engineer has no direct reports.

What we’re hiring for
  • 2+ years managing and maintaining observability platforms.
  • 1+ years as a Splunk Administrator.
  • 2+ years as a Cribl Administrator.
  • Expert-level knowledge of Splunk Enterprise Security.
  • Experience installing and configuring Splunk CORE and Enterprise Security.
  • Ability to analyze logs from various security devices.
  • Confident in resolving complex technical problems.
  • Willingness to learn and support multiple observability vendor platforms.
  • Experience designing, automating, maintaining, and optimizing observability platforms (metrics, logging, tracing).
  • Knowledge of security logging for Linux, Windows, EDRs, firewalls, and Active Directory.
  • Expertise with big data technologies like Kafka, Splunk, TSDB, etc.
  • Experience with cloud platforms (AWS, Azure, GCP).
  • Stay updated on industry standards and trends related to telemetry and pipelines.
  • Experience creating custom content, dashboards, reports, and alerts.
  • Flexibility for shift work and on-call support (24/7).
  • Experience with ticketing and knowledge base systems (Jira, Confluence, ServiceNow).
  • General security knowledge and certifications (e.g., GIAC, CISSP, CEH).
  • Knowledge of Linux and Windows OS.
  • Understanding of server applications like DBMS, Exchange, DNS, SMTP, IIS, Apache, Active Directory, LDAP, SQL, etc.
  • Experience with security products/technologies such as Devo, Chronicle, EDR, XDR, Exabeam, Sentinel, QRadar, Splunk, LogRhythm, Securonix, Elastic, RSA NetWitness, SumoLogic, and infrastructure components like proxies, firewalls, IDS/IPS, DLP.
  • Familiarity with DevOps practices.
  • Strong communication skills.
  • Ability to interpret instructions and solve problems involving multiple variables.

What You Can Expect From Optiv
  • A company committed to Diversity, Equity, and Inclusion through Employee Resource Groups.
  • Work/life balance.
  • Professional training resources.
  • Opportunity to work on complex, innovative projects.
  • Volunteer opportunities via “Optiv Chips In”.
  • Remote work capabilities where applicable.

EEO Statement

Optiv is an equal opportunity employer. All qualified applicants will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age, marital status, genetic information, national origin, disability, military or veteran status, or other protected categories. We respect your privacy and handle your information according to our privacy policy.
