Technical Service Lead– Enterprise Logging

About The Position

Requirements

• Typically requires a minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or a PhD with 3 years’ experience; or equivalent combination of related education and work experience.
• Significant hands-on experience supporting enterprise logging, SIEM, or observability services in a large-scale environment.
• Hands-on experience administering and managing Splunk and Cribl in an enterprise logging architecture.
• Deep understanding of Splunk architecture, administration, operations, and platform management.
• Strong understanding of Cribl administration and data pipeline management, including routing, filtering, transformation, enrichment, and optimization of log flows.
• Demonstrated ability to balance service ownership responsibilities with direct technical execution.
• Experience troubleshooting data ingestion failures, logging gaps, pipeline issues, routing problems, forwarder issues, search performance problems, and other operational issues in Splunk, Cribl, or comparable logging platforms.
• Experience collaborating across departments and driving service delivery in complex enterprise environments.
• Experience with service planning, roadmap development, operational governance, and execution management.
• Experience managing operational budgets, priorities, and enterprise service expectations.
• Strong knowledge of infrastructure operations, data ingestion pipelines, authentication methods, access management, configuration management, and forwarder administration within enterprise logging environments.
• Proficiency in Python, Bash, PowerShell, or similar scripting languages for automation and advanced administration.
• Strong analytical and problem-solving skills, including the ability to develop practical mitigation strategies for complex technical issues.
• Experience supporting compliance, audits, and security operations in regulated or security-conscious environments.
• Flexibility to support occasional after-hours maintenance windows, implementation activities, troubleshooting, and incident response as needed.
• Must be eligible to obtain and maintain a Secret U.S Government issued Security Clearance within one year of hire.
• Must be a U.S Citizen to be considered for a security clearance.
• This position is hybrid and requires 50% on-site presence in our Bedford, MA or McLean, VA office based on business and operational needs.

Nice To Haves

• Experience owning or leading an enterprise logging service with responsibility for both service strategy and hands-on operational support.
• Experience with SPL, data onboarding, dashboard development, alerting, reporting, and visualization.
• Experience using Cribl to optimize data flows, reduce ingestion costs, improve data quality, and support routing to multiple downstream destinations.
• Experience translating compliance, audit, and security requirements into logging use cases, onboarding standards, retention strategies, and implementation plans.
• Experience contributing to policy, standards, or annual content reviews related to logging, monitoring, audit, or cybersecurity operations.
• Knowledge of emerging IT and cybersecurity technologies relevant to logging and cyber defense operations.
• Ability to advise senior leadership on operational risk, security posture, service maturity, and policy or process changes.
• Experience improving service management practices such as KPI development, SLA management, incident management, problem management, and change management.
• Experience mentoring junior staff and contributing to a collaborative, high-performing team environment.
• Familiarity with insider threat programs and strategies for mitigating insider risks.
• Experience aligning logging and monitoring capabilities to CMMC, NIST 800-171, NIST 800-53, or similar compliance frameworks.
• Strong written and verbal communication skills, with the ability to explain technical concepts to technical and non-technical audiences.

Responsibilities

• Lead MITRE’s enterprise logging service, establishing service strategy, priorities, roadmaps, and execution plans while contributing directly to implementation and operational support.
• Provide hands-on administration, troubleshooting, and continuous improvement of the enterprise logging environment, including Splunk infrastructure and Cribl data pipeline components.
• Partner with System Administrators, Information System Security Officers, enterprise technology teams, and other stakeholders to maintain and enhance logging capabilities across the corporation.
• Support day-to-day operations of the logging service, ensuring reliability, performance, scalability, service continuity, and effective handling of log collection, transport, transformation, and indexing.
• Investigate and remediate logging failures, ingestion issues, pipeline bottlenecks, routing errors, forwarder problems, search performance concerns, and other operational issues affecting platform health.
• Manage service planning activities, including budget inputs, licensing considerations, forecasting, roadmap development, and prioritization of enhancements across Splunk and Cribl capabilities.
• Design, deploy, maintain, and improve Splunk infrastructure, including indexers, search heads, clusters, and forwarders, to support high availability, resilience, and operational effectiveness.
• Administer and manage Cribl components used for log routing, reduction, filtering, enrichment, transformation, and delivery to downstream platforms, ensuring data is handled efficiently and in accordance with operational and security requirements.
• Contribute to upstream logging requirements by supporting annual content reviews, policy updates, control interpretation, and enterprise discussions on logging, retention, and audit expectations.
• Lead and support downstream data management activities, including data onboarding, filtering, normalization, routing, transformation, retention, and lifecycle management.
• Integrate new data sources from Windows, Linux, Cisco, and other enterprise systems, ensuring proper ingestion and transport through effective configuration of inputs, source types, indexes, forwarders, and Cribl data flows.
• Develop dashboards, alerts, and reports that provide actionable insights for operations, security monitoring, troubleshooting, and audit support.
• Manage Splunk roles, permissions, and authentication mechanisms to ensure secure and appropriate access.
• Translate business, security, and compliance requirements into logging standards, technical solutions, data pipeline configurations, and service improvements.
• Support incident, problem, and change management activities, including root cause analysis, mitigation planning, and implementation of corrective actions.
• Ensure the logging environment is configured and maintained in accordance with enterprise security requirements and policies. Support compliance with applicable frameworks, including CMMC, NIST 800-171, and NIST 800-53, and help maintain audit readiness.
• Support external inspections, assessments, and audits involving enterprise logging capabilities, data handling processes, and related controls.
• Provide technical leadership, mentor teammates as appropriate, and communicate effectively with both technical and non-technical stakeholders, including senior leadership.
• Drive continuous improvement through documentation, automation, process refinement, and service maturity enhancements across the enterprise logging ecosystem.

Benefits

• Competitive benefits
• Exceptional professional development opportunities for career growth