Ennoble First Inc. · 2 days ago
SIEM Data Onboarding Engineer (Cyber Engineer – Mid LCAT)
Ennoble First is a company supporting complex government, defense, and intelligence projects. They are seeking a SIEM Data Onboarding Engineer to design, deploy, and manage enterprise SIEM capabilities, focusing on data onboarding and ensuring high-quality data ingestion for security operations.
Cyber Security, Information Technology, Software
Responsibilities
Design, deploy, and manage Splunk SIEM infrastructure including indexers, search heads, forwarders, and deployment servers
Build and maintain data onboarding pipelines for enterprise systems, applications, and security tools
Develop and maintain Splunk configurations including props.conf, transforms.conf, inputs.conf, outputs.conf, and Splunk Apps/TAs
Configure and manage Cribl sources, destinations, routes, collectors, and pipelines
Parse, normalize, enrich, mask, deduplicate, and route data to Splunk and downstream platforms
Develop and maintain SPL searches, dashboards, alerts, and validation queries
Monitor and troubleshoot SIEM performance, ingestion latency, parsing errors, and data quality issues
Collaborate with security operations and engineering teams to support detection engineering requirements
Implement best practices for indexing strategy, data retention, and platform scalability
Produce documentation and provide operational support for SIEM workflows
Qualifications
Required
Bachelor's degree and 5+ years of experience supporting IT or cybersecurity projects and activities
Experience managing and configuring Splunk SIEM environments
Experience with Splunk architecture including indexers, search heads, forwarders, and deployment servers
Experience using Splunk REST APIs for automation and operational tasks
Experience configuring Cribl sources, destinations, routes, collectors, and pipelines
Experience building pipelines to parse, normalize, enrich, mask, deduplicate, and route data
Experience authoring and maintaining Splunk configuration files and packaging Apps/TAs
Experience administering Linux and Windows systems including services, permissions, file paths, and log locations
Experience using regex for field extraction and event breaking
Active TS/SCI clearance; willingness to take a polygraph exam
Active DoD 8570 Information Assurance Technician (IAT) Level II certification (e.g., Security+ CE, CCNA-Security, GSEC, SSCP, CySA+, GICSP, or CND)
Must obtain a DoD 8570 Cybersecurity Service Provider – Infrastructure Support certification (e.g., CEH, CySA+, GICSP, SSCP, CHFI, CFR, Cloud+, or CND) prior to start date
Preferred
Experience working in regulated environments using DISA STIGs or organizational hardening standards
Strong understanding of networking fundamentals including TCP/UDP, TLS, syslog transport, and firewall ports
Experience troubleshooting with tools such as tcpdump or Wireshark
Familiarity with common log formats including syslog, Windows Event Logs, JSON, CSV, and XML
Proficiency with SPL for validation, troubleshooting, and dashboard development
Experience with scripting languages such as Python, Bash, or PowerShell
Familiarity with Git and Ansible automation workflows
Strong written and verbal communication skills
Benefits
Relocation Assistance
Company
Ennoble First Inc.
Cutting-Edge Engineering Firm delivering an AI and Data Centric Solutions Model that automates the mundane to better utilize human decision making for mission critical actions.