

Vailexa
SIEM Engineer
Featured Role | Apply direct with Data Freelance Hub
This role is for a SIEM Engineer leading a migration from Splunk to SentinelOne Singularity Data Lake, lasting 12 months; the pay rate is not stated. Requires 7+ years in SIEM, 3+ years with Splunk, and strong XQL knowledge. Remote work.
Country
United States
Currency
$ USD
Day rate
Unknown
Date
February 19, 2026
Duration
More than 6 months
Location
Remote
Contract
Unknown
Security
Unknown
Location detailed
United States
Skills detailed
#Migration #Splunk #Automation #Azure #KQL (Kusto Query Language) #Bash #Python #Compliance #Security #Data Pipeline #Cloud #Data Lake #Data Ingestion #Normalization #ETL (Extract, Transform, Load) #AWS (Amazon Web Services) #API (Application Programming Interface) #GCP (Google Cloud Platform) #Strategy #JavaScript
Role description
Position: SIEM Engineer - SentinelOne Singularity Data Lake (Splunk Migration)
Location: 100% Remote
Duration: 12 months
Job Description:
We are seeking an experienced SIEM Engineer to lead the migration of our log analytics and detection infrastructure from Splunk to SentinelOne Singularity Data Lake. This role is pivotal in redefining our security telemetry ingestion, detection engineering, and analytics workflows using SentinelOne's native data lake and Singularity platform.
Key Responsibilities:
• Migration Strategy & Execution:
Design and implement a phased migration plan from Splunk to SentinelOne Singularity Data Lake.
Map existing Splunk use cases, saved searches, alerts, dashboards, and data models to SentinelOne equivalents.
Translate Splunk SPL queries into the data lake's query language (e.g., XDR Query Language, XQL).
• Data Ingestion & Normalization:
Configure and onboard log sources (endpoint, firewall, cloud, identity, etc.) into SentinelOne Singularity Data Lake.
Ensure data is normalized and enriched to support threat detection and compliance use cases.
Use Cribl, syslog, or SentinelOne native ingestion pipelines to transition data flow.
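The first responsibility above (inventory every saved search and alert, decide what translates mechanically and what needs a rewrite, and sequence the work into phases) is usually done with a script rather than by hand. The following is an added example, not code from the posting or from any vendor: it parses a Splunk savedsearches.conf, lists the SPL commands each search uses, flags constructs with no one-to-one pipeline-query equivalent, and assigns a migration phase. The conf text is constructed for illustration, and the MANUAL_REVIEW notes are this editor's triage judgement, not a vendor mapping table.

```python
# Added example: Splunk saved-search inventory and triage for a SIEM migration.
import configparser
import re

# Constructed sample of a Splunk savedsearches.conf (not a real customer file).
SAVEDSEARCHES_CONF = r"""
[Suspicious PowerShell Encoded Command]
search = index=endpoint sourcetype=sysmon EventCode=1 Image="*\\powershell.exe" CommandLine="* -enc *" | stats count by host, User | where count > 3
cron_schedule = */15 * * * *
dispatch.earliest_time = -20m
enableSched = 1

[Failed Logins Followed By Success]
search = index=auth sourcetype=wineventlog (EventCode=4625 OR EventCode=4624) | transaction user maxspan=5m startswith="EventCode=4625" endswith="EventCode=4624" | table user, host, duration
cron_schedule = 0 * * * *
dispatch.earliest_time = -65m
enableSched = 1

[Weekly Endpoint Process Feed]
search = | tstats count from datamodel=Endpoint.Processes by Processes.dest
cron_schedule = 0 6 * * 1
enableSched = 0
"""

# SPL commands whose semantics do not map one-to-one onto a pipeline query
# language. The notes are this editor's triage guidance, not a vendor table.
MANUAL_REVIEW = {
    "transaction": "stitches events into sessions; rebuild with a join or windowed aggregation",
    "tstats": "reads accelerated data models; re-point at the target's equivalent dataset",
    "lookup": "depends on a Splunk lookup table that must be re-created in the target",
    "map": "runs a subsearch per result; no pipeline equivalent",
    "eventstats": "running statistics; confirm windowing support in the target",
    "rex": "inline regex extraction; re-implement with the target's parse operator",
}
SUBSEARCH_RE = re.compile(r"\[\s*search\b")
MACRO_RE = re.compile(r"`[^`]+`")
DATAMODEL_RE = re.compile(r"\bdatamodel\s*=", re.IGNORECASE)


def spl_commands(search):
    """Ordered SPL command names in a search; a search that does not start
    with '|' has an implicit leading 'search'. Splitting on '|' is naive (a
    pipe inside a quoted string would mis-split), which is acceptable for triage."""
    segments = [s.strip() for s in search.strip().split("|")]
    commands = ["search"] if segments[0] else []
    for seg in segments[1:]:
        if seg:
            commands.append(seg.split()[0].lower())
    return commands


def review_notes(search):
    """Reasons a search cannot be translated mechanically (empty if none)."""
    notes = [f"{c}: {MANUAL_REVIEW[c]}" for c in spl_commands(search) if c in MANUAL_REVIEW]
    if SUBSEARCH_RE.search(search):
        notes.append("subsearch: decide whether it becomes a join or a pre-computed list")
    if MACRO_RE.search(search):
        notes.append("macro: expand the macro definition before translating")
    if DATAMODEL_RE.search(search):
        notes.append("datamodel: field names come from the CIM data model, not raw events")
    return notes


def migration_phase(scheduled, notes):
    """Phase 1: scheduled alerts that translate directly (keeps detection
    coverage during cut-over). Phase 2: scheduled alerts needing a manual
    rewrite. Phase 3: unscheduled searches (reports, dashboard feeds)."""
    if not scheduled:
        return 3
    return 1 if not notes else 2


def parse_saved_searches(conf_text):
    """Parse savedsearches.conf stanzas into inventory records, ordered by phase."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # Splunk keys are case-sensitive (enableSched, dispatch.earliest_time)
    cp.read_string(conf_text)
    records = []
    for name in cp.sections():
        stanza = cp[name]
        search = stanza.get("search", "").strip()
        scheduled = stanza.get("enableSched", "0") == "1"
        notes = review_notes(search)
        records.append({
            "name": name,
            "scheduled": scheduled,
            "cron": stanza.get("cron_schedule"),
            "earliest": stanza.get("dispatch.earliest_time"),
            "commands": spl_commands(search),
            "review": notes,
            "phase": migration_phase(scheduled, notes),
        })
    return sorted(records, key=lambda r: (r["phase"], r["name"]))


if __name__ == "__main__":
    for r in parse_saved_searches(SAVEDSEARCHES_CONF):
        print(f"phase {r['phase']} | {r['name']} | {' -> '.join(r['commands'])}")
        for note in r["review"]:
            print(f"    needs review: {note}")
```

Run it against a real savedsearches.conf exported from the Splunk app directories (and the dashboards' inline searches, which this script does not read) to get the phase-1 list of alerts that can be cut over first without losing coverage; the phase-2 list is where the SPL-to-pipeline translation effort actually goes.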
Required Skills & Experience:
• 7+ years of experience in SIEM engineering or security operations.
• 3+ years of hands-on experience with Splunk (including SPL, dashboards, and ingestion).
• Strong knowledge of SentinelOne Singularity Data Lake and XQL (preferred).
• Familiarity with log source types: EDR, NDR, firewall, email security, identity logs, cloud APIs (AWS, Azure, GCP).
• Experience with Cribl or other log routing/optimization tools.
Required:
• XQL (XDR Query Language): deep familiarity with XQL syntax, operators, filters, and joins. The posting describes XQL as a proprietary query language for SentinelOne's Singularity Data Lake, inspired by Kusto Query Language (KQL), so KQL experience is directly transferable. Note that XQL is the name of Palo Alto Networks Cortex XDR's query language, while SentinelOne's Singularity Data Lake is queried with PowerQuery (and S1QL for Deep Visibility); confirm with the hiring team which query language the environment actually runs before scoping the translation work.
Primary Skill:
• Filtering and transforming data (where, extract, project, parse_json)
• Aggregations and stats (count, avg, sum, group by)
• Time-series functions and windowing
• Working with nested fields (common in EDR/NDR data)
Highly Recommended:
• Python, for building custom integrations, automation, or data pipelines with the SentinelOne API
• PowerShell
• JavaScript/Node.js or Bash
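The "Data Ingestion & Normalization" responsibility and the "working with nested fields" skill above come together in the normalization layer that sits between the log sources and the detections. The following is an added example, not code from the posting or from any vendor: it takes a key=value firewall syslog line and nested EDR JSON events, flattens the nested structure into dotted keys, maps both onto one common schema, enriches from an asset list, and runs a detection rule written once against the common fields. All sample events, the raw field names, the ASSETS table and the rule names are constructed for illustration and are not a specific product's schema.

```python
# Added example: normalise heterogeneous security events into one flat schema,
# enrich them, and detect on the common fields rather than on raw vendor names.
import json
import re
from datetime import datetime, timezone

# Constructed sample events; raw field names are illustrative, not a product's schema.
RAW_EVENTS = [
    '<134>2026-02-19T10:01:02Z fw01 action=deny src=10.1.2.3 dst=203.0.113.7 dport=445 proto=tcp rule=block-smb-out',
    '{"event": {"type": "process_create", "time": "2026-02-19T10:01:05Z"},'
    ' "agent": {"hostname": "ws-042", "os": "windows"},'
    ' "src": {"process": {"name": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA",'
    ' "user": "CORP\\\\alice", "parent": {"name": "winword.exe"}}}}',
    '{"event": {"type": "process_create", "time": "2026-02-19T10:02:11Z"},'
    ' "agent": {"hostname": "srv-db-01", "os": "windows"},'
    ' "src": {"process": {"name": "sqlservr.exe", "cmdline": "sqlservr.exe -s MSSQLSERVER",'
    ' "user": "NT SERVICE\\\\MSSQLSERVER", "parent": {"name": "services.exe"}}}}',
]
# Constructed asset inventory used for enrichment (hypothetical hosts).
ASSETS = {
    "ws-042": {"owner": "alice", "zone": "user-workstation"},
    "srv-db-01": {"owner": "dba-team", "zone": "datacenter"},
    "fw01": {"zone": "perimeter"},
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<body>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def flatten(obj, prefix=""):
    """Flatten nested dicts into dotted keys: {'a': {'b': 1}} -> {'a.b': 1}."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def to_utc(ts):
    """Render an ISO-8601 timestamp (Z or numeric offset) as UTC with a Z suffix."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt.astimezone(timezone.utc).isoformat().replace("+00:00", "Z")


def parse_raw(line):
    """Return (source_type, flat_fields) for a key=value syslog line or a JSON event."""
    if line.lstrip().startswith("{"):
        return "edr", flatten(json.loads(line))
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised line: {line[:40]!r}")
    fields = {"ts": m["ts"], "host": m["host"]}
    fields.update((k, v.strip('"')) for k, v in KV_RE.findall(m["body"]))
    return "firewall", fields


def normalize(line):
    """Map source-specific fields onto a common schema and enrich from ASSETS."""
    source, f = parse_raw(line)
    if source == "firewall":
        event = {
            "@timestamp": to_utc(f["ts"]), "event.category": "network",
            "event.action": f.get("action"), "host.name": f["host"],
            "source.ip": f.get("src"), "destination.ip": f.get("dst"),
            "destination.port": int(f["dport"]) if "dport" in f else None,
            "network.transport": f.get("proto"), "rule.name": f.get("rule"),
        }
    else:
        domain, _, user = f.get("src.process.user", "").rpartition("\\")
        event = {
            "@timestamp": to_utc(f["event.time"]), "event.category": "process",
            "event.action": f["event.type"], "host.name": f["agent.hostname"],
            "process.name": f.get("src.process.name"),
            "process.command_line": f.get("src.process.cmdline"),
            "process.parent.name": f.get("src.process.parent.name"),
            "user.domain": domain or None, "user.name": user,
        }
    event.update({f"host.{k}": v for k, v in ASSETS.get(event["host.name"], {}).items()})
    return event


def detect(event):
    """Rules written once against the common schema, so they survive a vendor
    change that alters raw field names. Returns the matched rule names."""
    hits = []
    if event["event.category"] == "process":
        cmd = (event.get("process.command_line") or "").lower()
        name = (event.get("process.name") or "").lower()
        parent = (event.get("process.parent.name") or "").lower()
        if name == "powershell.exe" and re.search(r"\s-e(nc|ncodedcommand)\b", cmd):
            hits.append("office_spawned_encoded_powershell" if parent in OFFICE_PARENTS
                        else "encoded_powershell")
    elif event["event.category"] == "network":
        if event.get("event.action") == "deny" and event.get("destination.port") == 445:
            hits.append("smb_egress_blocked")
    return hits


def process_batch(lines):
    """Normalise every raw line and attach its detections."""
    events = []
    for line in lines:
        event = normalize(line)
        event["detections"] = detect(event)
        events.append(event)
    return events
```

The point of the flatten-then-map step is that the detection rule never touches `src.process.parent.name` or any other vendor path: when the EDR or firewall changes, only `normalize` is edited and the rule set is untouched, which is exactly the property a Splunk-to-data-lake migration needs in order to carry detections across without rewriting each one against new raw field names.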
If youβre interested in this opportunity, please send your updated resume to randheer.t@vailexa.com. We look forward to connecting with you!