Siem Engineer

About The Position

Requirements

• 10+ years of hands-on cybersecurity engineering experience, with at least 5 years in SIEM platform engineering, administration, or log management.
• Demonstrable, hands-on Coralogix experience—including platform administration, DataPrime query language, alert development (threshold, anomaly, flow, ratio), Parsing Rules engineering, TCO Optimizer configuration, and log pipeline design.
• Proven experience architecting and managing enterprise-scale logging pipelines, including OpenTelemetry Collector (OTEL) deployment in agent/gateway models.
• Experience onboarding and integrating diverse log sources: cloud-native APIs (AWS CloudTrail, VPC Flow Logs, S3/SNS/SQS), Kubernetes/EKS workloads, Windows/Linux endpoints, and network/security appliances (Palo Alto, Check Point, NetScaler, Citrix).
• Experience designing log pipelines with data masking, field redaction, or sensitive data handling requirements.
• Coralogix: DataPrime, GROK/regex Parsing Rules, alert types (threshold/anomaly/flow/ratio/metric), TCO Optimizer, Subsystem/Scope/RBAC administration, SSO/SAML configuration, API key management, Cases, SLO configuration, Olly AI agent, Streama ML.
• Log collection: OpenTelemetry Collector, Fluentd, Fluent Bit, or equivalent; reverse proxy architectures (Caddy 2, Nginx) for constrained-network log forwarding.
• cx_security log normalization schema and Coralogix Integration/Extension Package deployment.
• AWS logging architecture: CloudTrail, VPC Flow Logs, CloudWatch, S3-based log delivery, SNS/SQS event pipelines.
• Endpoint telemetry: Windows Event Logs (Sysmon, WEF), Linux auditd, EDR log integration.
• Network/security appliance log sources: Palo Alto (PAN-OS), Check Point, NetScaler/Citrix.
• Scripting and automation: Python, Bash, or equivalent for pipeline tooling, API integrations, and operational scripting.
• Federal logging requirements: OMB M-21-31 logging tiers, NIST 800-53 AU controls, audit log management.
• Experience operating in federal or regulated environments with multi-tenant data isolation requirements.
• Understanding of NIST RMF, ATO processes, and ISSO collaboration in federal cybersecurity programs.

Nice To Haves

• Experience with SOAR platforms and webhook-based alert orchestration integrated with Coralogix (ServiceNow, PagerDuty, Jira, Slack).
• Familiarity with AWS GovCloud logging architecture, cross-account log aggregation, and FedRAMP-compliant configurations.
• Experience with UEBA platforms (e.g., Exabeam) and integrating behavioral analytics output with SIEM normalization pipelines.
• Knowledge of MITRE ATT&CK framework and its application to detection coverage mapping and gap analysis.
• Experience supporting ATO/RMF processes, security control assessments, or security authorization activities.
• Prior experience in DoED, DoD, Federal HVA, or IRS/FTI-regulated environments.
• Relevant certifications such as: Coralogix Certified Engineer or equivalent platform certification, GIAC GCED, GCIH, GCIA, or similar security operations certifications, AWS Security Specialty or equivalent cloud security certification, CISSP, CISM, or Security+ (supplementary).
• Demonstrated ability to communicate technical platform decisions to non-technical stakeholders and drive adoption across a matrixed program organization.

Responsibilities

• Coralogix Platform Administration. As full Platform Administrator within the shared multi-tenant SOC organization
• Enterprise Log Collection Pipeline Architecture & Operations. Design, implement, and maintain log collection pipelines for multiple networks with distinct architectural constraints
• Detection Engineering.
• Incident Management & SLA Instrumentation
• SecOps Technology Stack Contribution

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)