About The Position

Securonix is seeking a highly experienced SIEM / Syslog Expert with deep hands-on expertise in syslog-ng, log ingestion pipelines, and large-scale event processing. This role requires a strong understanding of syslog internals, filtering strategies, performance tuning, and reliability engineering to build efficient, scalable, and foolproof log ingestion systems. The successful candidate will play a key role in designing and optimizing high-throughput syslog pipelines handling thousands of events per second, ensuring accuracy, efficiency, and resilience.

Securonix is a leader in cybersecurity, transforming how organizations stay ahead of modern threats with its Unified Defense SIEM platform powered by agentic AI. The company is recognized as a six-time Leader in the Gartner Magic Quadrant for SIEM and has been featured by leading publications for its innovation.

Requirements

  • Deep expertise in syslog-ng (mandatory)
  • Strong understanding of syslog protocol internals (RFC3164, RFC5424, TCP/UDP/TLS behavior)
  • Expertise in designing syslog filters and routing logic
  • Strong experience with log parsing, pattern matching, and regex optimization
  • Experience tuning log-iw-size, log-fifo-size, flush_lines, so_rcvbuf, disk-buffer and memory management
  • Understanding of backpressure, buffering, and flow control
  • Experience handling high EPS (10K–100K+) environments
  • Ability to debug message loss, duplicate events, out-of-order processing, and high CPU/memory usage
  • Strong Linux debugging skills (tcpdump, netstat, ss, top, strace)
  • Experience with one or more SIEM platforms (Splunk, ELK, QRadar)
  • Understanding of log ingestion pipelines (Kafka, Spark, etc.)
  • Knowledge of data enrichment and normalization
  • Someone who can look at a syslog-ng config and immediately identify inefficiencies
  • Deep understanding of how filters impact performance and correctness
  • Ability to design clean, maintainable, and scalable configurations
  • Strong ownership mindset and problem-solving skills
  • Ability to make systems efficient, resilient, and foolproof

Nice To Haves

  • Experience with Kafka-based ingestion pipelines
  • Knowledge of distributed systems and streaming architectures
  • Experience with cloud environments (AWS)
  • Familiarity with security logs (firewalls, IAM, endpoint, network devices)

Responsibilities

  • Design, implement, and optimize syslog-ng configurations for high-volume log ingestion environments.
  • Develop and maintain complex filtering logic to ensure accurate routing, normalization, and noise reduction of logs.
  • Analyze and improve log pipeline performance (CPU, memory, latency, throughput).
  • Build efficient, scalable, and fault-tolerant syslog architectures.
  • Troubleshoot issues related to high CPU/memory usage, message drops/backpressure, ordering and duplication issues, and network/TCP/TLS ingestion problems.
  • Optimize buffering, batching, and flow control mechanisms in syslog-ng.
  • Work closely with SIEM platforms (e.g. Securonix, Splunk, ELK) to ensure seamless ingestion.
  • Ensure log integrity, reliability, and completeness across the pipeline.
  • Implement best practices for log parsing (RFC3164, RFC5424), structured vs unstructured logs, and secure syslog (TLS).
  • Perform capacity planning and load testing for syslog pipelines.
  • Create test frameworks to validate syslog filters and configurations.
  • Document standards, guidelines, and reusable configurations.

Benefits

  • Equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws.
  • Compliance with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
  • Policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.
  • Prohibition of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status.
  • Prohibition of improper interference with the ability of Securonix employees to perform their expected job duties.