Security Engineer (SIEM Engineer/Developer)
About the Role
We are seeking an experienced and highly skilled SIEM Engineer/Developer to join our cybersecurity team. In this role, you will lead the design, implementation, and optimization of SIEM / SOAR / Data Pipeline solutions across a variety of modern toolsets. This position is remote, but preference will be given to candidates located on the U.S. East Coast to align with team collaboration and customer support hours.
Key responsibilities:
Architect, implement, and maintain SIEM / SOAR / Data Pipeline solutions with a focus on modern platforms
Design and manage log ingestion pipelines
Optimize data routing, enrichment, and filtering to improve SIEM efficiency and cost control
Collaborate with cybersecurity, DevOps, and cloud infrastructure teams to integrate log sources and telemetry data
Develop custom parsers, dashboards, correlation rules, and alerting logic for security analytics and threat detection
Maintain and enhance system reliability, scalability, and performance of logging infrastructure
Provide expertise and guidance on log normalization, storage strategy, and data retention policies
Lead incident response investigations and assist with root cause analysis leveraging SIEM insights
Mentor junior engineers and contribute to strategic security monitoring initiatives
Required experience:
5+ years of experience in security engineering, with a primary focus on SIEM / SOAR platforms
Experience with data and observability pipeline tools
Strong knowledge of log formats, data normalization, and event correlation
Familiarity with detection engineering, threat modeling, and the MITRE ATT&CK framework
Proficiency with scripting (e.g., Python, PowerShell, Bash) and regular expressions
Deep understanding of logging from cloud (AWS, Azure, GCP) and on-prem environments
Preferred:
SIEM / SOAR / Data Pipeline tool certifications
Experience with log ingestion from EDR, NDR, firewall, and cloud-native sources
Familiarity with Kubernetes, serverless architectures, and containerized logging
Experience supporting enterprise-scale security operations centers (SOCs)