SIEM Integration Architect

Job Location

Bengaluru - India

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

What success looks like in this role:

  • Lead the integration of alarm/data feeds from multiple SIEM platforms (e.g. Splunk, LogRhythm, Securonix) into Microsoft Sentinel.
  • Configure and manage Cribl pipelines to collect, filter, transform and enrich raw data before forwarding to Sentinel.
  • Design and implement data normalization strategies to ensure consistent formatting, tagging and field mapping.
  • Build and maintain data ingestion workflows, ensuring optimized performance, scalability and reliability.
  • Develop and maintain custom Sentinel connectors, KQL queries, workbooks and analytics rules.
  • Implement and tune SOAR automation playbooks using Logic Apps or integrated response tools.
  • Collaborate with resolver teams (Platform, Application, CloudOps) for end-to-end use case implementation.
  • Act as SME for Microsoft Sentinel and Cribl architecture in client-facing and technical forums.
  • Troubleshoot integration and ingestion issues across hybrid and cloud-native infrastructures.
  • Establish alert pipelines to bring security alerts/alarms from legacy SIEM tools into Sentinel for centralized monitoring.
  • Ensure data integrity, compliance and auditability in accordance with customer and regulatory requirements.
  • Generate technical documentation, integration standards and data flow diagrams.
  • Provide expert guidance to SOC analysts and security engineers on new use cases and data onboarding.
  • Stay updated on current and emerging threats to enhance detection and response capabilities.

You will be successful in this role if you have:

Required Skills & Experience:

  • 10-15 years of experience in cybersecurity, with a strong technical background in SIEM tools and security data architecture.
  • Proven experience with Microsoft Sentinel, including data connectors, KQL and automation via Logic Apps.
  • Hands-on expertise in Cribl: stream design, data parsing, enrichment, routing and performance tuning.
  • Experience with multiple SIEM platforms (e.g. Splunk, LogRhythm, Securonix) and their alarm/log structures.
  • Deep understanding of SIEM data ingestion models, log collection and telemetry pipelines.
  • Familiarity with cloud-native services (Azure, AWS, GCP) and their logging/integration mechanisms.
  • Scripting experience with Python and PowerShell for integration and automation tasks.
  • Strong knowledge of security frameworks (MITRE ATT&CK, NIST, OWASP, etc.) and their application in real-world use cases.
  • Ability to troubleshoot complex integration issues involving multiple data sources and tools.

Key Qualifications:

  • Bachelor's degree in Computer Science, Information Security or related field.
  • Certifications preferred: Microsoft SC-200, Security, GCIH, CEH, Cribl Certified Admin.
  • Excellent communication and stakeholder management skills.
  • Strong problem-solving mindset and attention to detail.
  • Ability to mentor junior staff and lead technical discussions.

Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.

This commitment includes our efforts to provide, for all those who seek to express interest in employment, the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest without additional assistance, and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at or alternatively Toll Free: (Prompt 4). US job seekers can find more information about Unisys' EEO commitment here.

Employment Type

Full Time
