Senior Engineer - SIEM Platform Engineering & Operations

Senior Engineer, SIEM Platform Engineering & Operations Responsible for engineering, monitoring, and optimizing the firm's SIEM ecosystem including Splunk, Microsoft Sentinel, and associated data pipelines to ensure data quality, platform resiliency, and analytic reliability. Core Responsibilities Engineer, monitor, and maintain the operational health and resiliency of SIEM platforms including Splunk Enterprise/Cloud and Microsoft Sentinel. Implement SIEM platform resiliency controls including cluster monitoring, ingestion latency tracking, and workload distribution optimizations. Monitor, maintain, and troubleshoot the data ingestion pipeline including Kafka clusters, Cribl pipelines, Splunk Forwarders, and Sentinel connectors. Develop dashboards for pipeline throughput, message lag, schema drift, and end-to-end data quality validation. Manage and enforce data SLIs/SLOs across freshness, completeness, correctness, and availability. Ensure proper CIM/OCSF/CEF normalization and enrichment for all security-relevant data sources. Oversee the Anvilogic content management platform including rule execution health, version control, and analytics dependency monitoring. Develop unified observability dashboards covering SIEM platform state, ingestion health, detection pipeline execution, and analytic reliability. Serve as escalation point for SIEM data outages, ingestion failures, analytic misfires, and platform degradations. Collaborate with operational and engineering teams to design and enhance security detections, analytics, and proactive defenses. Write, optimize, and maintain SPL, KQL, and other query languages to support analytics, threat detection, and investigations. Support Model Risk Management (MRM) efforts to describe AI or ML models in use by any of our SIEM technologies. Required Qualifications 6+ years experience in Security Operations, SIEM Engineering, Detection Engineering, Incident Response, or related enterprise disciplines. Hands‑on experience with Splunk Enterprise/Cloud and Microsoft Sentinel in large‑scale environments. Experience with Kafka, Cribl, Databricks, Hadoop, Python, SQL, Pandas, Spark, or similar data platforms. Experience mapping log sources into structured models such as CIM, OCSF, CEF. Ability to troubleshoot complex SIEM ingestion, data quality, and infrastructure performance issues. Experience with EDR, SIEM, SOAR, and other enterprise‑scale cybersecurity tools. Ability to manage competing priorities, drive consensus, and deliver results across distributed teams. Desired Qualifications Experience with offensive security tooling and integrating SIEM/SOAR/TIP platforms. Knowledge of data science processes and statistical methods for detection enhancement. Experience threat hunting or performing detection engineering in cloud environments such as Azure, AWS, or M365. Experience maintaining Splunk KV stores, apps, and performing regular upgrades. Experience building SRE‑style observability and reliability patterns (SLIs, SLOs, error budgets) for cybersecurity platforms. Awareness of AI‑enabled Security Operations technologies. Skills Influence Result Orientation Solution Design Stakeholder Management Technical Strategy Development Access and Identity Management Cyber Security Information Systems Management Risk Management Solution Delivery Process Collaboration Critical Thinking DevOps Practices Financial Management Test Engineering Compensation and Benefits Pay range: $150,000.00 - $190,700.00 annualized salary, determined by experience, education, and skill set. Discretionary incentive eligible. Benefits eligible with industry‑leading benefits, paid time off, and support to contribute to business and community growth. Working Hours Shift: 1st shift (United States of America) Hours Per Week: 40 #J-18808-Ljbffr Koitecc Solutions