Jobs · Information Technology · Florida

Security Observability Engineer

Starr · Destin, FL · 1 wk ago
Information TechnologyFull-time

Job Overview

We are seeking an experienced Security Observability Engineer to lead the migration, optimization, and secure operation of our log ingestion and observability pipelines.

Key Responsibilities

  • End-to-End SIEM Pipeline Management & Optimization

  • Lead the migration of log sources from Splunk ingestion to Cribl Stream/Edge pipelines, ensuring load-balanced, fault-tolerant delivery and processing of security and IT logs.

  • Architect and manage scalable, resilient pipelines—including design, implementation, and operation of load balancing solutions (e.g., Cribl worker groups, external load balancers, or syslog load distribution) for high ingest volumes.

  • Analyze, tune and securely onboard all log sources (firewalls, EDR, cloud, authentication, proxies, etc.)—covering parsing, filtering, and data reduction techniques to minimize Splunk ingest/storage costs without sacrificing security coverage.

  • Develop and maintain Cribl and Splunk configurations, including advanced transformations, field normalization, masking, and enrichment for security analytics.

  • Ensure optimal distribution of logging workload across Cribl worker nodes and Splunk indexers to prevent bottlenecks, data loss, or single points of failure.

  • Security Event Visibility and SOC Enablement

  • Collaborate with SOC, IR, and threat detection teams to ensure all security logs reach the SIEM efficiently and reliably, and logs are tuned for actionable detection.

  • Actively monitor, test, and remediate pipeline balancing and ingestion health to maximize uptime and forensic visibility.

  • Respond to and resolve SIEM and pipeline issues that impact security, detection, or compliance visibility.

  • Governance, Compliance & Documentation

  • Apply and document security policies for log routing, load balancing, event retention, and integrity—ensuring pipeline architecture meets audit, legal, and privacy requirements.

  • Track and report ingest reduction, Splunk cost savings, pipeline health, and event loss/drop rates across the load-balanced infrastructure.

  • Maintain clear, up-to-date documentation of log flows, pipeline topology, load balancing strategies, and operational procedures.

Required Skills & Qualifications

  • Extensive hands-on experience with Splunk SIEM engineering (indexers, search heads, clustering, forwarders, CIM, performance/load optimization).

  • 2+ years with Cribl Stream/Edge, including deployment and tuning of distributed, load-balanced pipelines.

  • Deep understanding of machine data transport (syslog, HEC, TCP, UDP), log balancing strategies (syslog balancers, DNS round-robin, Cribl worker groups, etc.), and high-availability logging environments.

  • Proven expertise onboarding, parsing, and tuning security log sources (firewalls, cloud, EDR/XDR, IAM, authentication, and networking) for best possible coverage and SOC/IR support.

  • Advanced Splunk SPL, data model, event parsing, and alert tuning skills; practical SIEM optimization experience.

  • Scripting/automation ability (Python, shell/CLI, or similar) for pipeline management and validation.

  • Strong troubleshooting, monitoring, and operational dashboard skills for both pipeline and SIEM health.

Preferred Qualifications

  • Hands-on experience designing and operating clustered/HA Cribl and Splunk deployments (worker groups, clustered indexers, resilient data forwarders, etc.).

  • Splunk ES or Cribl certifications.

Key Success Metrics

  • No loss of security data or alert coverage during/after pipeline migration and optimization.
  • Documented, measurable reductions in Splunk ingest volume and operational/storage cost.
  • Consistently balanced log throughput and minimal risk of bottlenecks or overloads—pipeline health and reliability metrics maintained above SLA.
  • Well-documented, adaptable pipeline and load balancing architecture.

About the Role

Grow your career with a rapidly growing company that invests in its people and their ability to drive real progress.

Qualifications

  • Equal Opportunity Employer
  • First Class Training and Development Opportunities

Similar jobs

Security Engineer

Sonata Software North America Inc.Irving, TX· 3 wk ago
Information Technologyapply on sonataone.darwinbox.in

Security Engineer

United States Cold Storage, Inc.Camden, NJ· 1 wk ago
Information Technology$100k–$120k/yrapply on recruiting.ultipro.com

Security Engineer

HeyGenSan Francisco, CA· 1 wk ago
Information Technologyapply on grnh.se

Security Engineer

Menlo ResearchSan Francisco, CA· 3 wk ago
Information Technologyapply on menlo.ai

Security Engineer

Cogent PeopleColumbia, MD· 1 mo ago
Information Technologyapply on recruiting.paylocity.com

Security Engineer

EABRichmond, VA· 3 wk ago
Engineering$74k–$93k/yrapply on recruit.hirebridge.com