Security Observability Engineer
Listed on 2026-07-06
-
IT/Tech
Cybersecurity
Join Starr, a global leader in commercial insurance with over a century of expertise. We empower our employees to innovate, make impactful decisions, and build lasting client relationships worldwide. At Starr, you'll work in an entrepreneurial culture alongside accessible leaders, leveraging our financial strength and vast industry experience to deliver solutions for our clients, no matter how complex. Grow your career with a rapidly growing company that invests in its people and their ability to drive real progress.
SecurityObservability Engineer Job Overview
We are seeking an experienced Security Observability Engineer to lead the migration, optimization, and secure operation of our log ingestion and observability pipelines. The role emphasizes secure data delivery, advanced SIEM coverage, Splunk expertise, data reduction strategies, and robust load balancing and high availability for log infrastructure.
Key Responsibilities- End-to-End SIEM Pipeline Management & Optimization
- Lead the migration of log sources from Splunk ingestion to Cribl Stream/Edge pipelines, ensuring load-balanced, fault-tolerant delivery and processing of security and IT logs.
- Architect and manage scalable, resilient pipelines—including design,implementation, and operation of load balancing solutions (e.g., Cribl worker groups, external load balancers, or syslog load distribution) for high ingest volumes.
- Analyze, tune and securely onboard all log sources (firewalls, EDR, cloud,authentication, proxies, etc.)—covering parsing, filtering, and data reduction techniques to minimize Splunk ingest/storage costs without sacrificing security coverage.
- Develop and maintain Cribl and Splunk configurations, including advanced transformations, field normalization, masking, and enrichment for security analytics.
- Ensure optimal distribution of logging workload across Cribl worker nodes and Splunk indexers to prevent bottlenecks, data loss, or single points of failure.
- Security Event Visibility and SOC Enablement
- Collaborate with SOC, IR, and threat detection teams to ensure all security logsreach the SIEM eRiciently and reliably, and logs are tuned for actionable detection.
- Actively monitor, test, and remediate pipeline balancing and ingestion health to maximize uptime and forensic visibility.
- Respond to and resolve SIEM and pipeline issues that impact security, detection, or compliance visibility.
- Governance, Compliance & Documentation
- Apply and document security policies for log routing, load balancing, event retention, and integrity—ensuring pipeline architecture meets audit, legal, and privacy requirements.
- Track and report ingest reduction, Splunk cost savings, pipeline health, and eventloss/drop rates across the load-balanced infrastructure.
- Maintain clear, up-to-date documentation of log flows, pipeline topology, load balancing strategies, and operational procedures.
Skills & Qualifications
- Extensive hands-on experience with Splunk SIEM engineering (indexers, search heads, clustering, forwarders, CIM, performance/load optimization).
- 2+ years with Cribl Stream/Edge, including deployment and tuning of distributed,load-balanced pipelines.
- Deep understanding of machine data transport (syslog, HEC, TCP, UDP), log balancing strategies (syslog balancers, DNS round-robin, Cribl worker groups, etc.), and high-availability logging environments.
- Proven expertise onboarding, parsing, and tuning security log sources (firewalls,cloud, EDR/XDR, IAM, authentication, and networking) for best possible coverage and SOC/IR support.
- Advanced Splunk SPL, data model, event parsing, and alert tuning skills; practicalSIEM optimization experience.
- Scripting/automation ability (Python, shell/CLI, or similar) for pipeline management and validation.
- Strong troubleshooting, monitoring, and operational dashboard skills for both pipeline and SIEM health.
- Hands-on experience designing and operating clustered/HA Cribl and Splunkdeployments (worker groups, clustered indexers, resilient data forwarders, etc.).
- Splunk ES or Cribl certifications.
- No loss of security data or alert coverage during/after pipeline migration and optimization.
- Documented,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).