Coalfire

Coalfire is a cybersecurity advisor that helps organizations avert threats, reduce risk, and turn security into a competitive advantage, fueling their success.

Internet Software & Services
251-1K
Founded 2001
$9M raised

Description

  • Maintain and support SIEM platforms across AWS, Azure, and GCP environments for continuous monitoring and compliance.
  • Manage log collection infrastructure, including forwarders, collectors, and ingestion pipelines in hybrid environments.
  • Tune SIEM performance, storage, retention settings, and licensing to meet operational requirements.
  • Implement and maintain log retention and audit configurations aligned with FedRAMP and related frameworks.
  • Develop, tune, and maintain detection rules, correlation searches, and alerting logic.
  • Create custom parsers and field extractions for complex or proprietary log sources.
  • Reduce false positives through rule tuning, baseline analysis, and detection improvements.
  • Monitor SIEM alerts, investigate security events, and support incident response and threat hunting.
  • Support troubleshooting of SIEM ingestion, parsing, and performance issues.
  • Work with infrastructure and application teams to onboard new log sources and improve visibility.
  • Collect SIEM control evidence and artifacts for audits and 3PAO assessments.
  • Create and maintain SIEM documentation, architecture diagrams, runbooks, and operational procedures.
  • Provide technical support during client reviews and operational meetings.
  • Share knowledge with junior team members and contribute to process improvement and automation initiatives.

Requirements

  • 3+ years of hands-on systems engineering and architecture experience, including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
  • 3+ years of cloud experience in architecture, design, implementation, operations, and automation with AWS, Azure, or GCP.
  • Proven expertise with SIEM platforms such as Splunk, Sentinel, ELK, LogRhythm, or Sumo Logic.
  • Experience with enterprise antivirus solutions such as Trend Micro, CrowdStrike, or Microsoft Defender.
  • Understanding of AWS, Azure, or GCP platform capabilities, ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer.
  • Experience working in Agile environments with technical teams of three or more people.
  • Excellent communication, organizational, and problem-solving skills.
  • Strong documentation skills for technical diagrams, written descriptions, and supporting materials.
  • Ability to work independently and as part of a team with a professional demeanor.
  • Ability to balance security requirements against mission objectives using critical thinking.
  • Ability to adapt quickly in fast-paced, dynamic environments.
  • Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments.
  • Hands-on leadership or senior-level contribution in cloud security projects across cross-functional teams.
  • Documented success integrating SIEM, AV, intrusion detection systems, and similar tools into an enterprise-wide monitoring solution.
  • Experience working under regulatory or industry frameworks such as FedRAMP, HIPAA, or PCI.
  • Client-facing experience in a consulting or services environment.
  • Splunk Enterprise Certified Admin, SumoLogic Administration, or Microsoft Security Operations Analyst Associate certification.
  • AWS Solutions Architect Professional, AWS DevOps Engineer Professional, Azure Solutions Architect Expert, or GCP Cloud Architect certification.
  • Bachelor’s degree or equivalent work experience.
  • US citizenship required due to client contractual requirements.
  • Experience automating workflows in GitLab or GitHub with Terraform and Ansible (preferred).
  • Experience with serverless, microservices, or related modern application architectures (preferred).
  • Familiarity with CIS Benchmarks, DISA STIG, and similar guidelines (preferred).
  • Hands-on experience with SSL, PKI, and other encryption methods (preferred).
  • Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar compliance frameworks (preferred).
  • Splunk Enterprise Certified Architect or Splunk Certified Automation Developer (preferred).

Benefits

  • Salary range of $78,000 to $135,000 per year.
  • Eligibility for annual incentive, commission, and/or recognition programs.
  • Flexible work model with the ability to work from home or an office.
  • Paid parental leave.
  • Flexible time off.
  • Certification and training reimbursement.
  • Digital mental health and wellbeing support membership.
  • Comprehensive insurance options.
