SIEM Data Ingestion Engineer (m/f) - Remote
Start: ASAP
Duration: 6 months +++
Location: remote
We are seeking a SIEM Data Ingestion Engineer to ensure comprehensive and continuous security event log coverage across our multi-cloud enterprise environment. This role is critical to maintaining our threat detection capabilities by guaranteeing that all security-relevant logs from cloud providers, operating systems, and applications are reliably ingested into our SIEM platform according to established logging standards.
Key Responsibilities
Log Stream Management & Monitoring
- Monitor and maintain continuous event log streams from all cloud providers (Azure, AWS, GCP), operating systems, and enterprise applications into the SIEM platform
- Proactively identify and remediate log ingestion gaps, delays, or failures that could impact threat detection capabilities
- Implement automated monitoring and alerting for log source health, volume anomalies, and ingestion pipeline failures
- Maintain comprehensive inventory of all log sources with coverage status and baseline metrics
Standards Compliance & Coverage Assurance
- Ensure all log sources comply with the organization's threat detection logging standards and security frameworks
- Conduct regular coverage assessments to identify gaps in log collection across infrastructure, applications, and cloud services
- Collaborate with cloud architects, application owners, and infrastructure teams to onboard new log sources and maintain existing integrations
- Validate that critical security events are being captured according to compliance requirements (ISO 27001, SOC 2, GDPR, etc.)
Data Pipeline Engineering
- Design, implement, and optimize log ingestion pipelines using streaming platforms such as Cribl, Splunk, or similar technologies
- Configure and manage logging agents across diverse operating systems and application environments
- Implement log parsing, filtering, enrichment, and routing rules to optimize SIEM performance and reduce noise
- Troubleshoot complex data pipeline issues affecting log delivery, parsing, or normalization
Multi-Cloud Audit Logging
- Configure and maintain audit logging for cloud provider services including Azure Monitor, AWS CloudTrail, GCP Cloud Logging
- Implement best practices for cloud-native logging services, ensuring proper retention, security, and accessibility
- Manage API integrations and event hub configurations for cloud service log ingestion
- Stay current with cloud provider logging capabilities and security event taxonomies
Governance & Reporting
- Develop and maintain GRC dashboards showing log coverage, ingestion health, and compliance metrics
- Produce regular reports on log source status, coverage gaps, and remediation progress for security leadership
- Document log source configurations, data flows, and operational procedures
- Participate in audit activities by demonstrating logging coverage and data retention compliance
Required Qualifications
Technical Experience
- 3-5 years of hands-on experience with SIEM platforms (Microsoft Sentinel, Splunk, QRadar, or similar)
- Proven experience with log streaming and aggregation platforms such as Cribl, Splunk Heavy Forwarders, Logstash, or Fluentd
- Strong background in deploying and managing logging agents across Windows, Linux, and cloud-native environments
- Demonstrated experience with multi-cloud audit logging services (Azure Monitor, AWS CloudTrail, GCP Cloud Logging)
- Experience implementing and maintaining GRC dashboards and compliance reporting frameworks
Technical Skills
- Deep understanding of common log formats (Syslog, CEF, JSON, Windows Event Log) and parsing techniques
- Proficiency with REST APIs, webhooks, and event streaming protocols
- Knowledge of network protocols and security event taxonomies (MITRE ATT&CK framework)
- Scripting capabilities in Python, PowerShell, or Bash for automation tasks
- Understanding of security logging best practices and threat detection use cases
Cloud & Infrastructure Knowledge
- Strong understanding of cloud provider IAM, networking, and security services across Azure, AWS, and GCP
- Familiarity with containerized environments (Kubernetes, Docker) and their logging architectures
- Knowledge of infrastructure as code concepts and tools (Terraform, ARM templates)
- Understanding of identity systems (Active Directory, Azure AD, Okta) and their audit capabilities
Preferred Qualifications
- Security certifications such as CISSP, Security+, or cloud security certifications (Azure Security Engineer, AWS Security Specialty)
- Experience with managed service provider (MSP) or multi-tenant SIEM environments
- Background in security operations or SOC environments
- Familiarity with compliance frameworks and audit requirements
- Experience with data governance and retention policies