Kentro · 2 weeks ago
Senior SIEM/Data Integration Engineer - Cribl/Splunk (TS/SCI)
Kentro is a company focused on innovation and collaboration, seeking a highly skilled SIEM/Data Integration Engineer to support a Zero Trust initiative at U.S. Special Operations Command. The role involves designing and managing a telemetry pipeline to ensure effective processing and delivery of security data.
Information Technology & Services
Responsibilities
Telemetry Pipeline Architecture: Design, deploy, and maintain the Cribl Stream infrastructure, ensuring high availability and performance for the security telemetry pipeline across all network enclaves
Data Routing & Filtering: Develop and manage Cribl Stream routes to process security data, implementing rules to filter out low-value logs and route high-value telemetry to Splunk and Microsoft Sentinel
Data Integration: Configure data source collectors to ingest logs from Microsoft Purview, Microsoft Sentinel, and on-premise security tools, utilizing APIs (such as Microsoft Graph) to pull compliance data
Log Enrichment: Enrich security logs in-flight by adding valuable context, such as correlating user identity information with network events or adding geolocation data, before the data reaches the SIEM
SIEM Optimization: Proactively reduce Splunk ingestion volume and license costs by strategically filtering and summarizing data within Cribl Stream, while ensuring that the data delivered aligns with the Splunk Common Information Model (CIM)
Qualifications
Required
Master of Science (MS) degree in Systems Engineering, Computer Science, Cybersecurity, Electrical Engineering, or a related technical field
10+ years of related technical experience
Extensive (5+ years) experience as a Splunk administrator or engineer, with deep expertise in data onboarding, parsing, index-time processing, and search performance optimization
Direct, hands-on experience (2+ years) designing and managing a telemetry pipeline or log routing solution, with a strong preference for Cribl Stream
Proficiency in scripting using languages such as Python or PowerShell for data manipulation and API interaction
Strong understanding of regular expressions (Regex) for complex data parsing, extraction, and normalization
CompTIA Security+ CE, CompTIA CySA+, or a higher-level certification to meet DoD 8570 IAT Level II requirements
Active Top Secret clearance with SCI eligibility
Preferred
Cribl Certified Observability Engineer (CCOE) certification
Splunk certifications such as Splunk Certified Architect or Enterprise Security Certified Admin
Hands-on experience with Microsoft Sentinel and Microsoft Purview as data sources
Experience working in a large, complex DoD or USSOCOM environment
Splunk Core Certified Advanced Power User, Splunk Enterprise Certified Admin/Architect, or Cribl CCOE certifications
Benefits
Competitive benefits package including paid time off
Healthcare benefits
Supplemental benefits
401k including an employer match
Discount perks
Rewards
Education reimbursement for certifications, degrees, or professional development
Funds for activities - virtual and in-person - e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations
Company
Kentro
IT Concepts has transformed into Kentro - your center for innovation, excellence, and growth.
Funding
Current Stage
Late Stage
Company data provided by Crunchbase