Cybersecurity Architect

Job ID: 112664
Location: Home, MD [Remote]
Category: App/Dev
Employment Type: Contract
Date Added: 05/29/2026

Role Summary
This position requires an experienced SIEM Engineer specializing in Coralogix platform administration to serve as the technical owner within a multi-tenant Security Operations Center environment. The role involves planning, implementing, configuring, and maintaining Coralogix instances while ensuring compliance with federal regulatory standards. The engineer will contribute to the evolution of security operations capabilities, focusing on detection, incident management, and platform integration at an enterprise scale.

Responsibilities

  • Manage and administer the Coralogix platform within a shared multi-tenant SOC organization, including DataPrime, GROK/regex parsing rules, and alert configurations.
  • Design, implement, and operate enterprise log collection pipelines across various network architectures, leveraging tools like OpenTelemetry Collector, Fluentd, and reverse proxy solutions.
  • Develop detection engineering strategies, including creating and refining alert types such as threshold, anomaly, flow, and ratio alerts.
  • Oversee incident management processes, ensuring adherence to SLAs and effective response workflows.
  • Contribute to the broader SecOps technology stack by integrating detection, log management, and alerting tools with existing security infrastructure.
  • Implement log pipelines adhering to data masking, field redaction, and sensitive data handling requirements in compliance with federal regulations.
  • Collaborate with federal cybersecurity teams on logging architecture, audit log management, and ATO processes, ensuring compliance with NIST 800-53 AU controls and OMB M-21-31 standards.
  • Manage and configure security integrations, including cloud-native APIs, endpoint telemetry, and network/security appliance logs, ensuring comprehensive visibility.
  • Support automation scripting using Python, Bash, or equivalent to streamline log pipeline operations and platform integrations.
  • Stay current on federal cybersecurity requirements, including FedRAMP and NIST guidelines, applying best practices to platform configuration and operational procedures.

Qualifications

  • 10+ years of cybersecurity engineering experience with at least 5 years focused on SIEM platform engineering, administration, or log management.
  • Proven hands-on experience with Coralogix, including platform administration, DataPrime query language, alert development, and pipeline design.
  • Extensive experience architecting and managing enterprise-scale logging pipelines with tools such as OpenTelemetry Collector, Fluentd, or Fluent Bit.
  • Familiarity with onboarding diverse log sources, including cloud services (AWS CloudTrail, VPC Flow Logs, S3), Kubernetes, Windows/Linux endpoints, and network appliances.
  • Strong understanding of federal logging requirements, including NIST 800-53 AU controls and OMB M-21-31, with experience operating in regulated environments.
  • Technical skills in Coralogix platform features: TCO Optimizer, SSO/SAML configuration, API key management, and ML integrations.
  • Ability to script and automate tasks using Python, Bash, or similar tools for operational efficiency.
  • Experience working within federal or regulated environments emphasizing multi-tenant data security and compliance.
  • Excellent communication skills to convey technical decisions to non-technical stakeholders and promote platform adoption across teams.
  • Relevant certifications such as Coralogix Certified Engineer, GIAC (GCED, GCIH, GCIA), AWS Security Specialty, CISSP, CISM, or Security+ are preferred.
  • In compliance with federal law, all persons hired must verify their identity and eligibility to work in the United States and complete the required employment eligibility verification form upon hire. Candidates must be legally authorized to work in the United States without employer sponsorship, now or in the future.

Publishing Pay Range: $79.00 – $83.00 hourly
This position is office-based and requires the employee to work on-site.