You will lead the architecture, design, and implementation of data flow pipelines for security telemetry.
Responsibilities
Design and implement platform-agnostic ingestion frameworks using Cribl, Apache NiFi, or Vector to handle diverse input types (syslog, Kafka, HTTP, Event Hubs, Blob Storage).
Spearhead the creation and adoption of a schema normalization strategy leveraging OCSF, managing field mapping and validation logic.
Design and implement custom data transformations and enrichment using Groovy, Python, or JavaScript, enforcing security controls like SSL/TLS.
Ensure end-to-end traceability and lineage of data across the lifecycle through metadata tagging and correlation IDs.
Coordinate with security and analytics teams to ensure pipeline logic supports threat detection and compliance requirements.
Required Skills
10+ years of experience in cybersecurity.
5+ years of experience with Cribl, Vector, or other data pipeline platforms.
5+ years of experience scripting in Python, JavaScript, or Groovy.
Experience ingesting and routing data to Snowflake, Splunk, ADX, or Log Analytics.
Proficiency in designing data transformation logic, including filtering, enrichment, and format conversion (JSON, XML, Logfmt).
Knowledge of schema normalization concepts and data governance procedures.
Ability to implement robust security controls (SSL/TLS, client authentication).