AI Insights & Summary
GuidePoint Security is seeking a highly skilled Cribl Engineer to be a principal technical authority for their federal cybersecurity mission. This is an exceptional opportunity for a senior technologist to architect and scale critical observability pipelines, directly impacting national security. If you possess deep expertise in Cribl, log/telemetry routing, and enterprise observability, and thrive in a challenging, mission-driven environment, this role offers significant technical leadership and the chance to work with cutting-edge solutions for top government agencies.
Principal Cribl Engineer
GuidePoint Security is a premier cybersecurity solutions and services firm dedicated to empowering organizations to make informed security decisions and minimize risk. We provide trusted expertise across the cybersecurity landscape, serving some of the nation's most critical organizations, including Fortune 500 companies and U.S. government agencies.
About the Role
We are expanding our federal presales engineering team and are searching for technically exceptional engineers who excel at the intersection of federal missions and cybersecurity technology. As the Principal Cribl Engineer, you will be the foremost technical authority for observability pipelines built on Cribl Stream and Cribl Edge. This role is designed for a senior technologist with profound expertise in log/telemetry routing, large-scale data engineering, and enterprise-grade observability architectures. You will be instrumental in shaping pipeline strategy, designing complex routing and transformation logic, ensuring platform reliability, mentoring senior engineers, and serving as the ultimate technical escalation point for all Cribl-related challenges.
Key Responsibilities:
- Lead the architecture and design for Cribl Stream/Edge deployments across multiple enclaves and data domains.
- Construct high-throughput pipelines (multi-TB/day) incorporating advanced routing, filtering, enrichment, and replay workflows.
- Optimize system performance, including worker topology, CPU/memory distribution, queues, and transport mechanisms.
- Engineer secure data flows, implementing robust masking, tokenization, RBAC, PKI/TLS, and other essential governance controls.
- Integrate pipelines seamlessly with SIEM/analytics ecosystems such as Splunk, Elastic, SaaS telemetry platforms, and cloud services.
- Develop High Availability/Disaster Recovery (HA/DR) patterns, reliability frameworks, fleet health metrics, and processes for responding to failure modes.
- Maintain reusable Cribl packs, shared patterns, runbooks, and operational standards.
- Act as the senior escalation point for Cribl issues, interfacing directly with vendor engineering teams when necessary.
- Mentor junior engineers, conduct design reviews, drive engineering excellence, and enforce architectural standards.
- Support cross-functional teams (security, cloud, analytics, infrastructure) in defining and executing logging and telemetry strategies.
Requirements:
- Must possess an active TS/SCI clearance with Polygraph (CI or FS).
- 10+ years of experience in logging, observability, or SIEM engineering.
- 5+ years of experience architecting enterprise-scale log/telemetry pipelines.
- 3+ years of hands-on experience with Cribl Stream and Cribl Edge in production environments.
- Demonstrated success in operating and scaling pipelines at 5–10+ TB/day.
- Expert-level experience with Splunk forwarding/ingestion, source type management, and indexing best practices.
- Strong Linux fundamentals; proficiency in scripting (Python/Bash); experience with Git; and automation tools (Ansible/Terraform).
- Solid understanding of transport protocols (HTTP, TCP, TLS/MTLS), Kafka, and S3/object storage.
- Proven experience designing secure data flows, including encryption, RBAC, secrets management, and compliance controls.
- Demonstrated ability to mentor senior engineers and lead technical decision-making processes.
- Possess Cribl Certified Engineer (CCOE) certification or equivalent demonstrated product expertise.
- Must hold one of the following DoD 8570.01-M certifications or be willing to obtain within 30 days of hire:
  - Information Assurance Technician (IAT) Level II (e.g., Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND).
  - IAT Level III (e.g., CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH).
  - Cyber Security Service Provider (CSSP) - Infrastructure Support (IS) (e.g., CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND).
Preferred Qualifications:
- Expertise in creating and maintaining Cribl Packs and reusable pipelines.
- Experience with cloud telemetry (AWS, Azure, hybrid) and cross-domain data movement patterns.
- Familiarity with NIST/CIS control frameworks and secure engineering practices.
- Experience building observability frameworks for large, distributed systems.
- Experience engaging with vendors, including Cribl Professional Services and product teams for troubleshooting escalations.
Applicants selected will be subject to a security investigation and must meet eligibility requirements for access to classified information.
Please check your SPAM folder for communications, as our applicant tracking system (Greenhouse) and scheduling tool (Zoom Scheduler) may be filtered.
Why GuidePoint?
GuidePoint Security is a rapidly growing, profitable, privately-held value-added reseller exclusively focused on Information Security. Since 2011, we've grown to over 1,200 employees, established strategic partnerships with leading security vendors, and become a trusted advisor to over 6,200 customers. Our firmly-defined core values drive our business and foster an enjoyable workplace. You'll collaborate with knowledgeable, skilled, and experienced colleagues who actively provide mentorship and guidance. This is a unique opportunity to grow your career with one of the nation's fastest-growing companies.
Additional Perks:
- Primarily remote workforce (U.S. based only; some travel may be required; on-site work may be required for Federal positions).
- Group Medical Insurance: Options include a Zero Deductible PPO Plan (GuidePoint covers 90% of employee premiums, 70% for family) or a High Deductible Health Plan with HSA (GuidePoint covers 100% of employee premiums, 75% for family). For the HSA plan, GuidePoint contributes $850 annually for employees/$1750 for families in 4 quarterly installments.
- Group Dental Insurance: GuidePoint covers 100% of employee premiums and 75% for family plans.
- Time Off: 12 corporate holidays and a Flexible Time Off (FTO) program.
- Allowances: Healthy mobile phone and home internet allowance.
- Retirement: Eligibility for retirement plan after 2 months at open enrollment.
- Pet Benefit Option.