Senior Engineer - SIEM Platform Engineering & Operations

Job Description The Senior Engineer SIEM Platform Engineering & Operations is responsible for engineering, monitoring, and optimizing the firm’s SIEM ecosystem including Splunk, Microsoft Sentinel, and associated data pipelines to ensure data quality, platform resiliency, and analytic reliability. This role enhances the security data environment, leads strategic and tactical improvements, and serves as a SIEM subject‑matter expert and mentor across Cyber Security Technology teams. Core Responsibilities Engineer, monitor, and maintain the operational health and resiliency of SIEM platforms including Splunk Enterprise/Cloud and Microsoft Sentinel. Implement SIEM platform resiliency controls including cluster monitoring, ingestion latency tracking, and workload distribution optimizations. Monitor, maintain, and troubleshoot the data ingestion pipeline including Kafka clusters, Cribl pipelines, Splunk Forwarders, and Sentinel connectors. Develop dashboards for pipeline throughput, message lag, schema drift, and end‑to‑end data quality validation. Manage and enforce data SLIs/SLOs across freshness, completeness, correctness, and availability. Ensure proper CIM/OCSF/CEF normalization and enrichment for all security‑relevant data sources. Oversee the Anvilogic content management platform including rule execution health, version control, and analytics dependency monitoring. Develop unified observability dashboards covering SIEM platform state, ingestion health, detection pipeline execution, and analytic reliability. Serve as escalation point for SIEM data outages, ingestion failures, analytic misfires, and platform degradations. Collaborate with operational and engineering teams to design and enhance security detections, analytics, and proactive defenses. Write, optimize, and maintain SPL, KQL, and other query languages to support analytics, threat detection, and investigations. Support Model Risk Management (MRM) efforts to describe AI or ML Models in use by any of our SIEM Technologies. Required Qualifications 6+ years experience in Security Operations, SIEM Engineering, Detection Engineering, Incident Response, or related enterprise disciplines. Hands‑on experience with Splunk Enterprise/Cloud and Microsoft Sentinel in large‑scale environments. Experience with Kafka, Cribl, Databricks, Hadoop, Python, SQL, Pandas, Spark, or similar data platforms. Experience mapping log sources into structured models such as CIM, OCSF, CEF. Ability to troubleshoot complex SIEM ingestion, data quality, and infrastructure performance issues. Experience with EDR, SIEM, SOAR, and other enterprise‑scale cybersecurity tools. Ability to manage competing priorities, drive consensus, and deliver results across distributed teams. Desired Qualifications Experience with offensive security tooling and integrating SIEM/SOAR/TIP platforms. Knowledge of data science processes and statistical methods for detection enhancement. Experience threat hunting or performing detection engineering in cloud environments such as Azure, AWS, or M365. Experience maintaining Splunk KV stores, apps, and performing regular upgrades. Experience building SRE‑style observability and reliability patterns (SLIs, SLOs, error budgets) for cybersecurity platforms. Awareness of AI enabled Security Operations technologies. Skills Influence Result Orientation Solution Design Stakeholder Management Technical Strategy Development Access and Identity Management Cyber Security Information Systems Management Risk Management Solution Delivery Process Collaboration Critical Thinking DevOps Practices Financial Management Test Engineering Shift 1st shift (United States of America) Hours Per Week 40 Pay Transparency details US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540) Pay range $150,000.00 - $190,700.00 annualized salary, offers to be determined based on experience, education and skill set. Discretionary incentive eligible Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company. Benefits This role is currently benefits eligible. We provide industry‑leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve. #J-18808-Ljbffr Koitecc Solutions