Lead SIEM Analyst - CrowdStrike , Cribl

Scope :

This role will focus on building, operating, and continuously improving SIEM capabilities that enable proactive threat detection, efficient investigations, and scalable security monitoring across a global, cloud-first enterprise.

What You’ll do:

• Design, implement, and operate SIEM capabilities using CrowdStrike NGSIEM
• Lead onboarding of new log sources, including development of custom parsers, field normalization, and data validation
• Build, tune, and maintain detection rules, correlation logic, and alerting aligned with real-world threats and MITRE ATT&CK
• Create and maintain dashboards and visualizations to support SOC operations, leadership reporting, and compliance requirements
• Use CrowdStrike Query Language (CQL) for advanced investigations, threat hunting, and data analysis
• Design and manage log ingestion pipelines using Cribl, including routing, enrichment, filtering, and transformation
• Develop and maintain automation and API-based integrations to streamline data onboarding, detection deployment, and operational workflows
• Partner with SOC analysts, cloud teams, and platform owners to ensure high-quality, security-relevant telemetry
• Act as a technical escalation point for SIEM-related investigations and incident response
• Continuously improve detection fidelity, data quality, and SIEM performance
• Support audit and compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) through monitoring, reporting, and evidence generation
• Document SIEM architecture, data flows, detection logic, and operational runbooks

• Security Tech Stack / Tools
• SIEM & Detection
• CrowdStrike NGSIEM (primary)
• Splunk (acceptable alternative where NGSIEM experience is not available)
• Detection engineering, correlation rules, dashboards, and alerting
• Log & Data Engineering
• Cribl (pipelines, routing, enrichment, filtering)
• Custom parser development and log normalization
• Automation & Integration
• Python, PowerShell
• REST APIs, Webhooks
• Automation for SIEM operations and integrations
• Any SOAR Tool Experience

What We’re Looking For

• 5 - 8 years of hands-on experience in SIEM engineering, detection engineering, or security monitoring
• Strong hands-on experience with CrowdStrike NGSIEM is required
  • Candidates without NGSIEM experience must demonstrate deep, hands-on SIEM engineering experience using Splunk in enterprise environments
• Proven experience developing custom parsers and onboarding diverse log sources
• Hands-on experience with CrowdStrike Query Language (CQL) or equivalent SIEM query languages
• Strong experience building detection rules, dashboards, and alerting for SOC operations
• Hands-on experience with Cribl for log routing, enrichment, and pipeline optimization
• Experience with automation and API-based integrations
• Solid understanding of security telemetry, log formats, and large-scale log ingestion architectures
• Ability to work effectively in a global, fast-paced environment

Preferred Skills / Nice to Have

• CrowdStrike Certified Security Engineer (CCSE) – strong plus
• Experience supporting SOC or MSSP environments
• Familiarity with compliance-driven monitoring (PCI-DSS, ISO 27001, SOC 2)
• Experience leading SIEM modernization or large-scale onboarding initiatives
• Strong communication skills and ability to collaborate across engineering and security teams

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.