Senior SIEM/Data Integration Engineer - Cribl/Splunk (TS/SCI)

About The Position

Requirements

• Senior Level: Master of Science (MS) degree in Systems Engineering, Computer Science, Cybersecurity, Electrical Engineering, or a related technical field.
• Senior Level: 10+ years of related technical experience.
• Splunk Expertise: Extensive (5+ years) experience as a Splunk administrator or engineer, with deep expertise in data onboarding, parsing, index-time processing, and search performance optimization.
• Pipeline Management: Direct, hands-on experience (2+ years) designing and managing a telemetry pipeline or log routing solution, with a strong preference for Cribl Stream.
• Scripting & Automation: Proficiency in scripting using languages such as Python or PowerShell for data manipulation and API interaction.
• Data Parsing: Strong understanding of regular expressions (Regex) for complex data parsing, extraction, and normalization.
• Required: CompTIA Security+ CE, CompTIA CySA+, or a higher-level certification to meet DoD 8570 IAT Level II requirements.
• Clearance: Active Top Secret clearance with SCI eligibility.

Nice To Haves

• Cribl Certified Observability Engineer (CCOE) certification.
• Splunk certifications such as Splunk Certified Architect or Enterprise Security Certified Admin.
• Hands-on experience with Microsoft Sentinel and Microsoft Purview as data sources.
• Experience working in a large, complex DoD or USSOCOM environment.
• Preferred: Splunk Core Certified Advanced Power User, Splunk Enterprise Certified Admin/Architect, or Cribl CCOE certifications.

Responsibilities

• Telemetry Pipeline Architecture: Design, deploy, and maintain the Cribl Stream infrastructure, ensuring high availability and performance for the security telemetry pipeline across all network enclaves.
• Data Routing & Filtering: Develop and manage Cribl Stream routes to process security data, implementing rules to filter out low-value logs and route high-value telemetry to Splunk and Microsoft Sentinel.
• Data Integration: Configure data source collectors to ingest logs from Microsoft Purview, Microsoft Sentinel, and on-premise security tools, utilizing APIs (such as Microsoft Graph) to pull compliance data.
• Log Enrichment: Enrich security logs in-flight by adding valuable context, such as correlating user identity information with network events or adding geolocation data, before the data reaches the SIEM.
• SIEM Optimization: Proactively reduce Splunk ingestion volume and license costs by strategically filtering and summarizing data within Cribl Stream, while ensuring that the data delivered aligns with the Splunk Common Information Model (CIM).

Benefits

• We offer competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more.
• We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development.
• Reimbursement amounts may fluctuate due to IRS limitations.
• We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking.
• We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
• We work hard; we play hard.
• Kentro is committed to incorporating fun into every day.
• We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
• In alignment with our commitment to our communities, we also host and attend charity galas/events.
• We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.