Mastech Digital

SIEM Engineer - CRIBL / SPLUNK Cybersecurity Log Data Engineer

This role is for a SIEM Engineer - CRIBL/SPLUNK, requiring 3+ years of experience in cybersecurity log data engineering. Key skills include data integration, ETL, and monitoring. Contract length and pay rate are unspecified; location is also unspecified.
🌎 - Country
United States
💱 - Currency
$ USD
💰 - Day rate
Unknown
🗓️ - Date
October 15, 2025
🕒 - Duration
Unknown
🏝️ - Location
Unknown
📄 - Contract
Unknown
🔒 - Security
Unknown
📍 - Location detailed
United States
🧠 - Skills detailed
#AI (Artificial Intelligence) #Splunk #Cybersecurity #Monitoring #Data Engineering #Automation #Security #Data Integration #Data Pipeline #ETL (Extract, Transform, Load)
Role description
Job Description: SIEM Engineer - CRIBL / SPLUNK Cybersecurity log data engineer

• Minimum of 3 years of experience.
• Work closely with the Application team (e.g., owner, architect, etc.) to gain a thorough understanding of the application architecture, including servers, network devices, security log formats, security use cases, log frequencies, etc.
• Must have hands-on experience setting up data forwarding or streaming from the source to Cribl and from Cribl to Splunk using the various protocols, such as syslog, HEC (HTTP Event Collector), UF (Universal Forwarder), custom integration, etc.
• Must possess practical experience in designing and modifying data pipelines in Cribl, including data transformation, rule configuration for data parsing, and data masking to enhance analysis in Splunk.
• Perform data integration checks to ensure that data is flowing correctly from source through Cribl and into Splunk.
• Perform data validation checks to make sure that the data format and content meet security requirements to enable threat detection rules.
• Must be able to independently manage cross-functional stakeholders to ensure timely onboarding and validation of security logs, addressing any risks that may delay the onboarding process.
• Able to monitor the data flow for any anomalies or performance issues using Cribl's and Splunk's monitoring and troubleshooting tools.
• Capable of training team members in Cribl workflows, interfaces, and technologies as needed, and leveraging core knowledge to recommend automation solutions, whether through Cribl workflow management or AI, for the log data onboarding process to enhance efficiency.