Senior SIEM Engineer

Summary

Join Coalfire as a Senior SIEM Engineer and play a key role in implementing and maintaining robust security monitoring solutions for our clients. Collaborate with a high-performing engineering team to deliver specialized security and cloud solutions across various sectors. Serve as a cloud Subject Matter Expert (SME), leading design, architecture, and deployment engagements in AWS, Azure, or GCP. Implement and maintain security tooling solutions and SIEM platforms to enhance threat detection and compliance. Develop client cloud and security strategies, conduct configuration reviews, and coordinate with clients and internal teams to establish effective security measures. Leverage Infrastructure-as-Code and work across diverse technology stacks to enhance deployments and streamline operations.

Requirements

• 5+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing
• 5+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP)
• Advanced proficiency with Infrastructure-as-Code (IaC) and orchestration/automation tools (e.g., Terraform, Ansible)
• Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender)
• Deep understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer)
• Experience working in Agile environments with technical teams of three or more individuals
• Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly
• Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials
• Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor
• Critical thinking skills to balance robust security requirements against mission objectives
• Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments
• Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover
• Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes
• Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution
• History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance
• Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements

Responsibilities

• Collaborate with a high-performing engineering team to deliver specialized security and cloud solutions across private and public sector environments
• Serve as a cloud Subject Matter Expert (SME) by leading design, architecture, and deployment engagements in AWS, Azure, or GCP, leveraging automated orchestration and configuration management
• Partner with leading Cloud Service Providers (CSPs) and enterprise clients to meet stringent security requirements and drive digital transformation efforts
• Implement, update, and maintain security tooling solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender) to ensure robust threat detection, AV protection, and compliance
• Implement, maintain, and update SIEM solutions (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) to enhance visibility and proactively mitigate cyber threats
• Develop client cloud and security strategies, including future-state architectures, roadmaps, and transformation plans
• Conduct cloud configuration and maturity reviews to identify gaps, optimize performance, and strengthen security posture
• Coordinate with clients and internal teams to establish the right balance of defense-in-depth techniques, translating security objectives into secure, scalable solutions
• Leverage Infrastructure-as-Code to build and implement secure and compliant enterprise servers, network infrastructures, boundary protections, and cloud architectures
• Work across diverse technology stacks in AWS, Azure, and GCP, utilizing native cloud services to enhance deployments and streamline operations
• Provide guidance during security assessment and authorization processes, ensuring alignment with industry frameworks and compliance standards
• Author and peer-review detailed design documentation, including security documentation and vendor best practices, to maintain consistently high-quality deliverables

Preferred Qualifications

• Professional services background: Prior experience supporting external clients from within a consulting or professional services organization
• Advanced threat detection: Hands-on experience with techniques such as user and entity behavior analytics (UEBA) or machine learning-based anomaly detection
• Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible
• Modern application architectures: Proven expertise with serverless, microservices, and related technologies
• Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines
• Encryption technologies: Hands-on experience implementing SSL, PKI, and other encryption methods
• Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards
• Splunk Enterprise Certified Admin or SumoLogic Administration or Microsoft Security Operations Analyst Associate
• AWS Solutions Architect Professional or AWS DevOps Engineer Professional or Azure Solutions Architect Expert or GCP Cloud Architect
• Splunk Enterprise Certified Architect or Splunk Certified Automation Developer

Benefits

• Flexible work model
• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options