Back to jobsApply
Coalfire

Cyber solutions that move you forward, faster.

Security Engineer, SIEM

Full TimeRemoteTeam 1,001-5,000Since 2001H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

22 days ago

Salary

$78K - $135K / year

Bachelor Degree3 yrs expEnglishAWSAzureCloudGoogle Cloud PlatformSplunk

Job Description

• Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements • Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements • Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments • Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines • Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements • Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events • Create and maintain custom parsers and field extractions for complex or proprietary log sources • Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts • Participate in peer reviews of detection rules and SIEM configuration changes • Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities • Contribute to development and maintenance of detection and response playbooks and operational procedures • Support troubleshooting of SIEM ingestion, parsing, and performance issues • Work with infrastructure and application teams to onboard new log sources and improve security visibility • Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities • Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization • Create and maintain SIEM architecture, detection, and operational documentation and runbooks • Provide technical support during client reviews and operational meetings as assigned • Share knowledge and provide guidance to junior team members • Contribute to process improvement and automation initiatives within SIEM and detection workflows

Job Requirements

  • 3+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
  • 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
  • Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
  • Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
  • Experience working in Agile environments with technical teams of three or more individuals.
  • Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
  • Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
  • Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
  • Critical thinking skills to balance robust security requirements against mission objectives.
  • Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments.
  • Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover.
  • Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
  • Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
  • History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
  • Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.
  • Splunk Enterprise Certified Admin *or* SumoLogic Administration *or* Microsoft Security Operations Analyst Associate
  • AWS Solutions Architect Professional *or* AWS DevOps Engineer Professional *or* Azure Solutions Architect Expert* or* GCP Cloud Architect
  • Bachelor’s degree or equivalent work experience.

Benefits

  • paid parental leave
  • flexible time off
  • certification and training reimbursement
  • digital mental health and wellbeing support membership
  • comprehensive insurance options

Related Categories

Security Engineer

Related Job Pages

Remote Full-time Jobs (US)More US Remote Jobs