Asurion

Lead SIEM (Security Incident & Event Monitoring) Engineer

Job Description

The Lead SIEM Engineer within the Cyber Command Center (C3) serves as a senior technical authority contributing to a variety of global enterprise information security services in support of the Chief Information Security Officer. This individual will have demonstrated the ability to work independently and lead technical initiatives with minimal supervision on security-related tasks. This person should be able to independently lead projects, drive results, and build positive relationships with coworkers and customers (both internal and external).

This role places a primary focus on the architecture, engineering, and optimization of three core platforms:

  • Splunk Cloud Enterprise SIEM platform management, architecture, and content development
  • Amazon Web Services (AWS) Cloud infrastructure supporting security data pipelines and SIEM operations
  • Cribl Enterprise data ingestion, routing, and pipeline management

This individual will play a lead role in supporting one or more of the following enterprise security services:

  • Information Security Monitoring & Analysis
  • Information Security Incident Response
  • Investigations & Digital Forensics
  • Exposure Management
  • Insider Threat & Threat Intelligence
  • Information Security Automation & Development

About The Role

The Lead SIEM Engineer will serve as the senior technical lead for building, maintaining, and evolving the infrastructure supporting the collection, correlation, and identification of indicators of malicious or inappropriate activity. This individual must have deep technical expertise managing security-relevant data to facilitate intrusion detection, log analysis, and incident response at an enterprise scale.

This role requires the individual to function as a primary escalation path for complex events and incidents, provide architectural guidance, and help shape the long-term direction of the SIEM and data ingestion program at Asurion. The ideal candidate possesses a passion for complex problem solving, the ability to challenge assumptions and consider alternative perspectives, the capacity to think critically under pressure, and the skill to operate effectively in a strong team environment.

Responsibilities

Splunk Cloud

  • Serve as the primary architect and subject matter expert for the enterprise Splunk Cloud environment
  • Lead the configuration, growth, and maintenance of the Splunk Cloud platform, ensuring high availability, performance, and scalability
  • Drive advanced content development including correlation searches, dashboards, reports, and data models aligned to CIM compliance
  • Manage and optimize Splunk configuration including Props, Transforms, Field Extractions, Heavy Forwarders, and HEC endpoints
  • Lead onboarding of new data sources, ensuring proper parsing, normalization, and CIM compliance
  • Oversee and continuously improve Splunk Enterprise Security (ES) use case development and tuning

Amazon Web Services (AWS)

  • Design, implement, and manage AWS infrastructure supporting SIEM data pipelines and security operations
  • Leverage AWS services (S3, Kinesis, Lambda, CloudWatch, IAM, etc.) to support secure, scalable data flows into the SIEM environment
  • Ensure cloud-native log sources are properly integrated and optimized within the security data ecosystem
  • Partner with Cloud and Infrastructure teams to ensure AWS security posture aligns with organizational standards
  • Identify and implement AWS cost optimization strategies related to security data storage and processing

Cribl (Data Ingestion)

  • Serve as the enterprise lead for Cribl architecture, deployment, and ongoing administration
  • Design and manage Cribl pipelines to route, filter, transform, and enrich security-relevant data before ingestion into Splunk Cloud and other destinations
  • Optimize data flows to reduce noise, improve data quality, and manage licensing costs across the SIEM platform
  • Evaluate and onboard new data sources through Cribl, ensuring consistent standards for data formatting and delivery
  • Develop and maintain Cribl routing logic in alignment with the organization's data retention and security policies

Additional Responsibilities

  • Support the development and reporting of SIEM program KPIs in partnership with Security Leadership
  • Define, build, and govern an Information Security Data Retention lifecycle across cloud and on-premise environments
  • Support and help drive the vendor relationship strategy for SIEM and data ingestion tooling
  • Perform analysis and response to security-relevant alerts and events; serve as a senior escalation point for Security Analysts and junior SIEM Engineers
  • Actively mentor junior and mid-level team members, fostering a culture of knowledge sharing and technical growth
  • Collect, assess, and report upon relevant threat intelligence and actionable security information, and modify tactical operations accordingly
  • Identify business risk and advise appropriate business contacts as required to address and treat such risk
  • Support the automation and continuous improvement of the overall Information Security posture at Asurion
  • Assist with executing remediation plans for gaps identified in audits or recommended process improvements that affect core information security services
  • Proactively seek out new technical solutions, identify capability gaps, and understand risk-based prioritization within the greater Security & Risk function
  • Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining professional networks; and participating in professional organizations
  • Perform other related duties as assigned in support of broader Security & Risk program efforts

Requirements

Education

  • BA or BS in Computer Science, Management Information Systems, Engineering, or a related field desirable; practical experience combined with education and certifications may be considered
  • MS in Computer Science, Information Systems, Engineering, or a related field desired

Experience

  • 7+ years of progressive experience in computing, with a strong emphasis on SIEM engineering, architecture, and administration
  • 5+ years of hands-on experience with Splunk Cloud, including architecture, administration, content development, and CIM compliance (HEC, Props, Transforms, Extractions, Dashboarding, Splunk ES, etc.)
  • 5+ years of demonstrated experience working within AWS, including security-relevant services such as S3, Kinesis, Lambda, CloudWatch, IAM, and related data pipeline tooling
  • 3+ years of hands-on experience with Cribl or comparable data pipeline/log routing technologies (e.g., Kafka, Logstash) in an enterprise environment
  • Experience with other SIEM platforms considered (ArcSight, QRadar, ELK, LogLogic, etc.)
  • Documented understanding of core network protocols (TCP/IP, ICMP, DHCP, DNS, etc.)
  • Familiarity with common programming and scripting languages (Python, PowerShell, Java, C#, Bash, etc.)
  • Extensive knowledge of Linux environments, including editing and maintaining configuration files and applications
  • Certifications (Desired): Splunk Certified Administrator, Splunk Certified Architect, Splunk Enterprise Security Certified Admin, AWS Certified Security Specialty or AWS Certified Solutions Architect, Cribl Certifications (where applicable)

Skills & Competencies

  • Ability to operate under ambiguous circumstances, address complex issues, and leverage data to make informed decisions
  • Strong leadership presence with the ability to influence technical direction across teams and with leadership stakeholders
  • Excellent communication skills (oral, written, and presentation); strong interpersonal and consultative abilities
  • Demonstrated ability to mentor team members and drive knowledge transfer across the organization

Additional Information

  • This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities

For two decades, Asurion has led the technology protection industry around the globe. The Company provides premier support solutions to enable optimum use of technology; digital applications to protect privacy and provide security; and rapid replacement of lost, stolen, damaged, or malfunctioning devices. Asurion partners with the leading wireless companies, retailers, and service providers enabling them to focus on their businesses and to provide services that delight their customers. Asurion's 16,000+ employees worldwide specialize in fulfilling the needs of more than 280 million consumers.

We value open source technologies, solve challenging and unique problems, and innovate quickly. We embrace continuous delivery and Lean Startup principles. We encourage creativity from our architects and engineers every step of the way, working with various teams including product, user experience, call center operations, mobile, and systems. Our teams are small enough to make fast decisions, yet our audience is large enough that our work makes a tremendous impact.

Job ID: 145232439