[Remote] Security Engineer (Splunk)
Note: The job is a remote job and is open to candidates in USA.

Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. The Security Engineer (Splunk) will maintain and support SIEM solutions in cloud environments, manage log collection infrastructure, and develop detection rules to identify security events.

Responsibilities

- Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
- Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
- Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
- Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
- Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
- Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
- Create and maintain custom parsers and field extractions for complex or proprietary log sources
- Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
- Participate in peer reviews of detection rules and SIEM configuration changes
- Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
- Contribute to development and maintenance of detection and response playbooks and operational procedures
- Support troubleshooting of SIEM ingestion, parsing, and performance issues
- Work with infrastructure and application teams to onboard new log sources and improve security visibility
- Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities
- Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization
- Create and maintain SIEM architecture, detection, and operational documentation and runbooks
- Provide technical support during client reviews and operational meetings as assigned
- Share knowledge and provide guidance to junior team members
- Contribute to process improvement and automation initiatives within SIEM and detection workflows

Skills

- 3+ years of hands-on systems engineering and architecture experience, including requirements definition, architecture development, use-case/story creation, and systems integration/testing
- 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP)
- Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender)
- Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer)
- Experience working in Agile environments with technical teams of three or more individuals
- Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly
- Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials
- Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor
- Critical thinking skills to balance robust security requirements against mission objectives
- Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments
- Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments, from initial design through operational handover
- Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes
- Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution
- History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance
- Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements
- Splunk Enterprise Certified Admin *or* SumoLogic Administration *or* Microsoft Security Operations Analyst Associate
- AWS Solutions Architect Professional *or* AWS DevOps Engineer Professional *or* Azure Solutions Architect Expert *or* GCP Cloud Architect
- Bachelor's degree or equivalent work experience
- US citizenship (required due to client contractual requirements)
- Professional services background: Prior experience supporting external clients from within a consulting or professional services organization
- Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible
- Modern application architectures: Proven expertise with serverless, microservices, and related technologies
- Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines
- Encryption technologies: Hands-on experience implementing SSL/TLS, PKI, and other encryption methods
- Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards
- Splunk Enterprise Certified Architect *or* Splunk Certified Automation Developer

Benefits

- Flexible work model that empowers you to choose when and where you'll work most effectively, whether you're at home or an office
- Paid parental leave
- Flexible time off
- Certification and training reimbursement
- Digital mental health and wellbeing support membership
- Comprehensive insurance options

Company Overview

Coalfire is the premier Cybersecurity and Compliance Services leader for the tech, healthcare, and finance industries. It was founded in 2001 and is headquartered in Chicago, Illinois, US, with a workforce of 1001-5000 employees. Its website is https://www.coalfire.com?utm_source=LinkedIn&utm_medium=organicsocial.