SIEM Integration Architect

10 - 15 years

17 - 20 Lacs

Posted: 16 hours ago | Platform: Naukri

Work Mode: Work from Office

Job Type: Full Time

Job Description

What success looks like in this role:

  • Lead the integration of alarm/data feeds from multiple SIEM platforms (e.g., Splunk, LogRhythm, Securonix) into Microsoft Sentinel.
  • Configure and manage Cribl pipelines to collect, filter, transform, and enrich raw data before forwarding to Sentinel.
  • Design and implement data normalization strategies to ensure consistent formatting, tagging, and field mapping.
  • Build and maintain data ingestion workflows, ensuring optimized performance, scalability, and reliability.
  • Develop and maintain custom Sentinel connectors, KQL queries, workbooks, and analytics rules.
  • Implement and tune SOAR automation playbooks using Logic Apps or integrated response tools.
  • Collaborate with resolver teams (Platform, Application, CloudOps) for end-to-end use case implementation.
  • Act as SME for Microsoft Sentinel and Cribl architecture in client-facing and technical forums.
  • Troubleshoot integration and ingestion issues across hybrid and cloud-native infrastructures.
  • Establish alert pipelines to bring security alerts/alarms from legacy SIEM tools into Sentinel for centralized monitoring.
  • Ensure data integrity, compliance, and auditability in accordance with customer and regulatory requirements.
  • Generate technical documentation, integration standards, and data flow diagrams.
  • Provide expert guidance to SOC analysts and security engineers on new use cases and data onboarding.
  • Stay updated on current and emerging threats to enhance detection and response capabilities.

You will be successful in this role if you have:

Required Skills & Experience:

  • 10-15 years of experience in cybersecurity, with a strong technical background in SIEM tools and security data architecture.
  • Proven experience with Microsoft Sentinel, including data connectors, KQL, and automation via Logic Apps.
  • Hands-on expertise in Cribl: stream design, data parsing, enrichment, routing, and performance tuning.
  • Experience with multiple SIEM platforms (e.g., Splunk, LogRhythm, Securonix) and their alarm/log structures.
  • Deep understanding of SIEM data ingestion models, log collection, and telemetry pipelines.
  • Familiarity with cloud-native services (Azure, AWS, GCP) and their logging/integration mechanisms.
  • Scripting experience with Python and PowerShell for integration and automation tasks.
  • Strong knowledge of security frameworks (MITRE ATT&CK, NIST, OWASP, etc.) and their application in real-world use cases.
  • Ability to troubleshoot complex integration issues involving multiple data sources and tools.

Key Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Certifications preferred: Microsoft SC-200, Security+, GCIH, CEH, Cribl Certified Admin.
  • Excellent communication and stakeholder management skills.
  • Strong problem-solving mindset and attention to detail.
  • Ability to mentor junior staff and lead technical discussions.
