
Security Engineer (Splunk)

Coalfire · Remote Worldwide · Estimated: $80,000 - $120,000

AI Insights & Summary

This role at Coalfire offers a crucial opportunity to bolster cybersecurity defenses by managing and optimizing Security Information and Event Management (SIEM) solutions within cloud environments. You'll be instrumental in maintaining continuous monitoring and compliance for clients, particularly those adhering to FedRAMP standards. It's a chance to apply deep technical expertise in SIEM platforms and cloud security to solve complex challenges and contribute to making the digital world safer.

About Coalfire

Coalfire is dedicated to making the world safer by solving our clients' toughest cybersecurity challenges. We operate at the forefront of technology, advising, assessing, and automating solutions to help companies navigate the evolving cybersecurity landscape. Headquartered in Chicago, with offices across the U.S. and U.K., we serve clients globally.

What You’ll Do

  • Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements.
  • Manage and maintain log collection infrastructure, including forwarders, collectors, and ingestion pipelines across hybrid environments.
  • Support SIEM performance tuning, storage management, retention settings, and licensing optimization.
  • Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance frameworks.
  • Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events.
  • Create and maintain custom parsers and field extractions for various log sources.
  • Reduce false positives through ongoing rule tuning and baseline analysis.
  • Monitor SIEM alerts and investigate security events to support incident response and threat hunting.
  • Contribute to the development of detection and response playbooks and operational procedures.
  • Support troubleshooting of SIEM ingestion, parsing, and performance issues.
  • Onboard new log sources and improve security visibility by working with infrastructure and application teams.
  • Collect and organize SIEM control evidence and artifacts for audits.
  • Ensure SIEM configurations support required controls like audit review and log integrity.
  • Create and maintain SIEM architecture, detection, and operational documentation.
  • Provide technical support during client reviews and operational meetings.
  • Share knowledge and provide guidance to junior team members.
  • Contribute to process improvement and automation initiatives.
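The detection bullets above (field extraction, correlation searches, false-positive reduction through baselining) map onto a small, self-contained pipeline. The block below is an added illustration written for this page, not Coalfire's or any client's code: it extracts fields from constructed sshd-style auth lines with a regex (the equivalent of a SIEM field extraction), runs a sliding-window failed-login correlation rule per source IP, and suppresses sources listed in a baseline such as an authorised vulnerability scanner. The log lines, IP addresses (documentation ranges), thresholds and the `baseline` parameter are all assumptions made for the example.

```python
"""Field extraction plus a threshold-based correlation rule over constructed
auth log lines, with a baseline of known-noisy sources to cut false positives."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real telemetry); the format mimics sshd syslog.
SAMPLE_LOGS = """\
2026-06-10T08:00:01Z host1 sshd[101]: Failed password for invalid user admin from 203.0.113.10 port 50001 ssh2
2026-06-10T08:00:05Z host1 sshd[102]: Failed password for root from 203.0.113.10 port 50002 ssh2
2026-06-10T08:00:09Z host1 sshd[103]: Failed password for root from 203.0.113.10 port 50003 ssh2
2026-06-10T08:00:12Z host1 sshd[104]: Failed password for root from 203.0.113.10 port 50004 ssh2
2026-06-10T08:00:20Z host1 sshd[105]: Accepted publickey for deploy from 198.51.100.5 port 40001 ssh2
2026-06-10T08:01:00Z host2 sshd[201]: Failed password for scanner from 192.0.2.7 port 60001 ssh2
2026-06-10T08:01:01Z host2 sshd[202]: Failed password for scanner from 192.0.2.7 port 60002 ssh2
2026-06-10T08:01:02Z host2 sshd[203]: Failed password for scanner from 192.0.2.7 port 60003 ssh2
2026-06-10T08:01:03Z host2 sshd[204]: Failed password for scanner from 192.0.2.7 port 60004 ssh2
2026-06-10T09:30:00Z host1 sshd[301]: Failed password for root from 203.0.113.10 port 50010 ssh2
"""

# Regex field extraction, the role a Splunk rex/EXTRACT stanza plays in props.conf.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)"
)


def extract_fields(line):
    """Return a dict of extracted fields, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["action"] = "failure" if ev["outcome"].startswith("Failed") else "success"
    return ev


def parse_logs(text):
    """Parse every line, silently dropping lines the extraction does not match."""
    return [ev for ev in (extract_fields(l) for l in text.splitlines()) if ev]


def detect_bruteforce(events, threshold=4, window=timedelta(minutes=5),
                      baseline=frozenset()):
    """Alert when one src_ip produces >= threshold failures inside a sliding window.
    Sources in `baseline` (assumed: an authorised scanner) are suppressed, which is
    the baseline-driven tuning step that keeps known-noisy hosts out of the queue."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "failure" and ev["src_ip"] not in baseline:
            by_src[ev["src_ip"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events in [start, end] fit the window.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "src_ip": src,
                    "count": end - start + 1,
                    "first": evs[start]["ts"],
                    "last": evs[end]["ts"],
                    "users": sorted({e["user"] for e in evs[start:end + 1]}),
                })
                break  # one alert per source, like a throttled correlation search
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print("untuned:", [a["src_ip"] for a in detect_bruteforce(evs)])
    print("tuned:  ", [a["src_ip"] for a in
                       detect_bruteforce(evs, baseline=frozenset({"192.0.2.7"}))])
```

Untuned, both 203.0.113.10 and the scanner at 192.0.2.7 trip the rule; adding the scanner to the baseline leaves only the genuine burst, and the lone failure at 09:30 falls outside the five-minute window and is correctly ignored. The same shape (extract, aggregate per entity over a window, compare to a threshold, suppress baselined entities) is what the production correlation search and its lookup-driven allowlist implement.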

What You’ll Bring

  • 3+ years of hands-on systems engineering and architecture experience.
  • 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
  • Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK) and enterprise antivirus solutions.
  • Understanding of AWS, Azure, or GCP platform capabilities.
  • Experience working in Agile environments.
  • Excellent communication, organizational, and problem-solving skills.
  • Strong documentation skills.
  • Ability to work both independently and as part of a team.
  • Critical thinking skills to balance security requirements with mission objectives.
  • Proven track record of adapting quickly in fast-paced environments.
  • Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments.
  • Hands-on leadership or senior-level contribution in cloud security projects.
  • Documented success integrating multiple security tools into a cohesive monitoring solution.
  • History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI).
  • Demonstrable client-facing experience in a consulting or services capacity.
  • Relevant certifications such as Splunk Enterprise Certified Admin, SumoLogic Administration, Microsoft Security Operations Analyst Associate, AWS Solutions Architect Professional, Azure Solutions Architect Expert, or GCP Cloud Architect.
  • Bachelor’s degree or equivalent work experience.
  • US citizenship (required due to client contractual requirements).

Bonus Points

  • Professional services background.
  • Experience automating workflows in GitLab or GitHub with Terraform and Ansible.
  • Expertise with serverless, microservices, and related technologies.
  • Familiarity with CIS Benchmarks, DISA STIG.
  • Hands-on experience with encryption technologies (TLS/SSL, PKI).
  • Understanding of compliance frameworks (FedRAMP, FISMA, HIPAA, HITRUST, PCI).
  • Advanced Splunk certifications.

Compensation

  • Salary range: $78,000 - $135,000 per year.
  • May be eligible for annual incentive, commission, and/or recognition programs.

Why You’ll Want to Join Us

  • Supportive work environment with flexible work models.
  • Opportunities for connection and wellbeing activities.
  • Competitive perks and benefits: paid parental leave, flexible time off, certification and training reimbursement, mental health support, comprehensive insurance.
  • Commitment to equal opportunity and pay equity.

Apply Now


Apply for this role ↗


Job Overview

Posted: 6/10/2026
Category: Cybersecurity
Source: JobsCollider

FAQ

Is this position remote?

The listing marks the Security Engineer (Splunk) role as Remote Worldwide, although US citizenship is required because of client contractual requirements.

What is the salary?

The posted salary range is $78,000 - $135,000 per year, with possible eligibility for annual incentive, commission, and/or recognition programs.

How do I apply?

You can apply by clicking the "Apply for this role" button above to submit your application on the hiring website.
