GuidePoint Security is hiring a Senior SIEM Developer/Engineer to lead the design, implementation, and optimization of Security Information and Event Management (SIEM) systems and observability pipelines. You will work with a modern toolset to enhance security monitoring across cloud and on-premises environments. This is a remote position with a preference for candidates based on the U.S. East Coast.
What You'll Do
- Architect, implement, and maintain SIEM solutions, with a focus on the modern platforms listed under Technical Stack below.
- Design and manage log ingestion pipelines using tools such as Cribl Stream, Cribl Edge, or Cribl Search (or comparable tools).
- Optimize data routing, enrichment, and filtering to improve SIEM efficiency and cost control.
- Collaborate with cybersecurity, DevOps, and cloud infrastructure teams to integrate log sources and telemetry data.
- Develop custom parsers, dashboards, correlation rules, and alerting logic for security analytics and threat detection.
- Maintain and enhance system reliability, scalability, and performance of logging infrastructure.
- Provide expertise and guidance on log normalization, storage strategy, and data retention policies.
- Lead incident response investigations and assist with root cause analysis leveraging SIEM insights.
- Mentor junior engineers and contribute to strategic security monitoring initiatives.
What We're Looking For
- 5+ years of experience in security engineering, with a primary focus on SIEM platforms.
- Hands-on experience with at least one of the SIEM platforms listed under Technical Stack below.
- 2+ years of experience with Cribl or similar observability pipeline tools (e.g., Logstash, Fluentd, Kafka).
- Strong knowledge of log formats, data normalization, and event correlation.
- Familiarity with detection engineering, threat modeling, and the MITRE ATT&CK framework.
- Proficiency with scripting (e.g., Python, PowerShell, Bash) and regular expressions.
- Deep understanding of logging from cloud (AWS, Azure, GCP) and on-prem environments.
- Bachelor’s degree in a relevant discipline or equivalent professional experience.
Technical Stack
- SIEM Platforms: Splunk, Microsoft Sentinel, Elastic, Google SecOps / Chronicle, CrowdStrike NG-SIEM / LogScale, Palo Alto XSIAM, SentinelOne SIEM
- Observability Pipelines: Cribl Stream, Cribl Edge, Cribl Search, Logstash, Fluentd, Kafka
- Scripting: Python, PowerShell, Bash
- Cloud Providers: AWS, Azure, GCP
Benefits & Compensation
- Remote workforce primarily (U.S. based only).
- Group Medical Insurance options: Zero Deductible PPO Plan or High Deductible Health Plan with HSA.
- Group Dental Insurance.
- 12 corporate holidays and a Flexible Time Off (FTO) program.
- Healthy mobile phone and home internet allowance.
- Eligibility for the retirement plan after 2 months of employment, at the next open enrollment.
- Pet Benefit Option.
Work Mode
This is a fully remote, U.S.-based position, with a preference for candidates located in the U.S. East Coast region.
GuidePoint Security is an equal opportunity employer.