← all jobs

[Remote] Security Engineer (Splunk)

Work from home Full-time role Hiring

Note: The job is a remote job and is open to candidates in USA. Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. The Security Engineer (Splunk) will maintain and support SIEM solutions in cloud environments, manage log collection infrastructure, and develop detection rules to identify security events.

Responsibilities

  • Maintain SIEM solutions (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring requirements
  • Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in AWS, Azure, and GCP environments to support continuous monitoring and compliance requirements
  • Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
  • Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
  • Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
  • Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
  • Create and maintain custom parsers and field extractions for complex or proprietary log sources
  • Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
  • Participate in peer reviews of detection rules and SIEM configuration changes
  • Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
  • Contribute to development and maintenance of detection and response playbooks and operational procedures
  • Support troubleshooting of SIEM ingestion, parsing, and performance issues
  • Work with infrastructure and application teams to onboard new log sources and improve security visibility
  • Collect and organize SIEM control evidence and artifacts for audits and 3PAO assessment activities
  • Ensure SIEM configurations support required controls such as audit review, log integrity, and time synchronization
  • Create and maintain SIEM architecture, detection, and operational documentation and runbooks
  • Provide technical support during client reviews and operational meetings as assigned
  • Share knowledge and provide guidance to junior team members
  • Contribute to process improvement and automation initiatives within SIEM and detection workflows

Skills

  • 3+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing
  • 3+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP)
  • Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender)
  • Understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer)
  • Experience working in Agile environments with technical teams of three or more individuals
  • Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly
  • Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials
  • Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor
  • Critical thinking skills to balance robust security requirements against mission objectives
  • Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments
  • Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover
  • Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes
  • Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution
  • History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance
  • Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements
  • Splunk Enterprise Certified Admin *or* SumoLogic Administration *or* Microsoft Security Operations Analyst Associate
  • AWS Solutions Architect Professional *or* AWS DevOps Engineer Professional *or* Azure Solutions Architect Expert *or* GCP Cloud Architect
  • Bachelor's degree or equivalent work experience
  • US citizenship (required due to client contractual requirements)
  • Professional services background: Prior experience supporting external clients from within a consulting or professional services organization
  • Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible
  • Modern application architectures: Proven expertise with serverless, microservices, and related technologies
  • Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines
  • Encryption technologies: Hands-on experience implementing SSL, PKI, and other encryption methods
  • Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards
  • Splunk Enterprise Certified Architect *or* Splunk Certified Automation Developer

Benefits

  • Flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office
  • Paid parental leave
  • Flexible time off
  • Certification and training reimbursement
  • Digital mental health and wellbeing support membership
  • Comprehensive insurance options

Company Overview

  • Coalfire is the premier Cybersecurity and Compliance Services leader for the tech, healthcare, and finance industries. It was founded in 2001, and is headquartered in Chicago, Illinois, US, with a workforce of 1001-5000 employees. Its website is https://www.coalfire.com?utm_source=LinkedIn&utm_medium=organicsocial.
  • More open positions

    [Remote] Software Engineering Manager

    Work from home Full-time role

    [Remote] Full Stack Engineer - Mid level

    Work from home Full-time role

    [Remote] Digital Program Manager (DPM)

    Work from home Full-time role

    [Remote] Wastewater Business Development Manager

    Work from home Full-time role

    [Remote] Manager, Doctor Recruiting

    Work from home Full-time role

    VP Product Marketing – Semiconductor DSP

    Work from home Full-time role

    Cardiovascular Disease Specialist – Fort Wayne, IN

    Work from home Full-time role

    Experienced Customer Service Representative – Online Chat Support for careerzynith

    Work from home Full-time role

    Regional Operations Coordinator

    Work from home Full-time role

    Senior Functional Analyst (Remote)

    Work from home Full-time role

    Global Therapist

    Work from home Full-time role

    Remote Customer Service Representative – Full‑Time, Home‑Based Support Role – $27 /hr – careerzynith

    Work from home Full-time role

    Financial Advisor Associate (TRAINING & LICENSING PROVIDED)

    Work from home Full-time role

    Remote Part-Time Online Customer Chat Support Specialist – No Experience Required – Join careerzynith’s Dynamic Support Team

    Work from home Full-time role

    Global People & Culture Business Partner m/w/d

    Work from home Full-time role

    Partnership Specialist (Kenya, Madagscar and Zambia)

    Work from home Full-time role

    Amazon Data Entry Clerk (Remote)

    Work from home Full-time role

    Senior Workers Compensation Claims Adjuster - GA, NC, SC

    Work from home Full-time role

    Growth Creative Strategist

    Work from home Full-time role

    Motion Graphics Designer – PH Remote

    Work from home Full-time role

    Web UI/UX Designer (Remote, United States EST/CST)

    Work from home Full-time role