Cribl Engineer (Expert)
Ennoble First Inc. · Reston, VA · 1 mo ago
Engineering$160k–$200k/yrFull-time
Primary Responsibilities
- Lead architecture, design, and implementation of Cribl Stream and Cribl Edge deployments across multiple enclaves and data domains.
- Design and maintain high-throughput observability pipelines supporting multi-terabyte-per-day telemetry environments.
- Develop advanced routing, filtering, enrichment, replay, and transformation workflows to support operational and analytic requirements.
- Optimize platform performance through tuning of worker groups, topology design, queue management, transport mechanisms, and resource utilization.
- Engineer secure data flows utilizing encryption, masking, tokenization, RBAC, PKI/TLS, and governance controls.
- Integrate Cribl pipelines with enterprise SIEM, analytics, cloud, and telemetry platforms including Splunk, Elastic, Kafka, and cloud-native services.
- Create reusable Cribl Packs, standardized pipeline patterns, engineering documentation, and operational runbooks.
- Serve as the senior technical escalation point for Cribl-related issues and coordinate directly with vendor engineering teams as required.
- Conduct architecture reviews, establish technical standards, and mentor engineers across the organization.
- Partner with security, cloud, analytics, infrastructure, and operations teams to define enterprise logging and telemetry strategies.
- Support continuous improvement initiatives focused on observability maturity, performance optimization, and operational excellence.
Required Qualifications
- Active TS/SCI clearance with Polygraph.
- Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field and 10+ years of relevant experience.
- Additional experience may be considered in lieu of a degree.
- 10+ years of experience supporting logging, observability, SIEM, or telemetry engineering environments.
- 5+ years designing, architecting, and operating enterprise-scale log and telemetry pipelines.
- 3+ years of hands-on experience with Cribl Stream and Cribl Edge in production environments.
- Demonstrated experience operating and scaling telemetry environments supporting 5–10+ TB/day of data ingestion.
- Expert-level knowledge of Splunk architecture, forwarding, ingestion pipelines, source type management, and indexing strategies.
- Strong Linux administration and troubleshooting experience.
- Experience with Python, Bash, Git, and automation tools such as Ansible and Terraform.
- Strong understanding of HTTP, TCP, TLS/mTLS, Kafka, S3, and other data transport and storage technologies.
- Experience designing secure data architectures utilizing encryption, RBAC, secrets management, and compliance controls.
- Demonstrated ability to lead technical teams, mentor engineers, and drive architectural decision-making.
- Cribl Certified Engineer (CCOE) certification or equivalent demonstrated expertise.
- Must possess the following DoD 8570.01-M certifications or be willing to obtain within 30 days of hire:
- Information Assurance Technician (IAT) Level II certification (currently Security+ CE, CCNA Security, GSEC, SSCP, CySA+, GICSP, or CND).
- Information Assurance Technician (IAT) Level III certification requirements (currently CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH).
- Cyber Security Service Provider (CSSP) – Infrastructure Support certification requirements (currently CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND).
Preferred Qualifications
- Expertise developing and maintaining Cribl Packs and reusable pipeline frameworks.
- Experience supporting AWS, Azure, hybrid cloud, or multi-cloud telemetry architectures.
- Experience supporting cross-domain solutions and secure data movement architectures.
- Familiarity with NIST, CIS, and other cybersecurity control frameworks.
- Experience building observability frameworks for large-scale distributed systems.
- Experience working directly with Cribl Professional Services, product teams, or vendor escalation channels.
- Experience supporting Intelligence Community, DoD, or National Security mission environments.