Engineer, Senior CRIBL Rosslyn, VA

ATTENTION MILITARY AFFILIATED JOB SEEKERS - Our organization works with partner companies to source qualified talent for their open roles. The following position is available to Veterans Transitioning Military National Guard and Reserve Members Military Spouses Wounded Warriors and their Caregivers. If you have the required skill set education requirements and experience please click the submit button and follow the next steps. All positions are onsite unless otherwise stated.

Overview:
The Engineer Senior-CRIBL will serve as the technical lead for enterprise-scale data observability and telemetry management using the CRIBL Stream Edge and other CRIBL product platforms. This role is responsible for engineering optimizing and maintaining high-performance data routing pipelines that support security performance and compliance monitoring across cloud and on-prem environments. The engineer ensures seamless data flow between logging agents (e.g. syslog Splunk UF/HEC Elastic Beats Sentinel Cribl Edge) and downstream analytics platforms enforcing Zero Trust data principles and federal cybersecurity mandates.

This position performs all duties and responsibilities in accordance with the Mission Vision and Core Values of Cayuse.

Responsibilities:

• Design deploy and maintain CRIBL Stream Edge and other CRIBL product instances in hybrid (on-prem and cloud) environments.
• Implement data routing filtering and enrichment pipelines across multiple log sources and destinations.
• Optimize data ingestion performance retention and forwarding efficiency to reduce license and storage costs.
• Develop and maintain reusable pipelines and pack libraries for security and performance analytics.
• Integrate CRIBL with enterprise SIEM APM and analytics tools (e.g. Splunk Elastic Datadog Azure Monitor).
• Configure ingestion and routing for high-value telemetry (network endpoint cloud identity).
• Engineer observability solutions supporting continuous monitoring and real-time metrics collection.
• Design data normalization and transformation logic to meet analytic and compliance use cases.
• Enforce least-privilege access to observability data consistent with OMB M-22-09 EO 14028.
• Implement logging and monitoring controls in alignment with NIST SP 800-137 SP 800-53 Rev5 (AU IR SI families) and CISA Zero Trust Maturity Model.
• Support audit readiness by maintaining system configurations access logs and change management documentation.
• Collaborate with cybersecurity teams to ensure telemetry supports threat detection incident response and forensics.
• Perform data reduction deduplication and compression tuning to optimize ingestion volumes.
• Support Technology Business Management (TBM) reporting by identifying cost avoidance opportunities from CRIBL optimization and Business IT Service Modeling and Visualizations.
• Create performance dashboards and key metrics (MTTD MTTR throughput latency) to monitor platform health and other enterprise decision-making data insights as requested.
• Automate pipeline deployment and updates using IaC tools (Terraform Ansible or CRIBL APIs).
• Develop scripts for automated validation log parsing and error remediation.
• Maintain version-controlled configurations (Git) and promote code reuse and continuous integration practices.
• Maintain 99.9% operational uptime of CRIBL infrastructure.
• Deliver monthly optimization reports showing measurable reduction in log ingestion costs as well as data models that support cost avoidance in IT Service areas.
• Ensure all configurations and code are under version control and auditable.
• Provide real-time visibility dashboards for data pipeline health ingestion metrics enterprise IT Service compliance and performance and assessment compliance artifacts.
• Meet all federal cybersecurity and audit readiness requirements within defined SLAs.
• Other duties as assigned.

• Top Secret Clearance required.

• Splunk Enterprise Certified Architect or Elastic Engineer
• AWS/Azure DevOps or SysOps Certification
• CISSP CISM or equivalent (preferred for federal environments)

• Minimum 8 years in IT systems cybersecurity or observability engineering; 3 years directly managing CRIBL Stream/Edge environments.
• Strong knowledge of log formats (syslog JSON CEF LEEF Windows Event)
• Familiarity with CI/CD Git REST APIs and JSON/YAML scripting
• Working knowledge of Zero Trust telemetry and cross-domain logging architectures
• Understanding of NIST FISMA OMB A-130 and CISA cybersecurity directives
• Skilled in log normalization enrichment and cross-domain telemetry management.
• Experienced with hybrid integrations (Splunk Sentinel Elastic Datadog AWS CloudWatch).
• Experience with Terraform Ansible Git Python Bash REST APIs JSON/YAML.
• Top Secret Clearance required.
• Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.

• Exceptional interpersonal skills with the ability to communicate in a clear professional and articulate manner.
• Exceptional verbal and written communication skills.
• Excellent organizational analytical and problem-solving skills with high-level attention to detail.
• Proven ability to multitask and prioritize in a fast past environment with changing priorities; adaptable to change and a quick learner.
• Must be self-motivated and able to work well independently as well as on a multi-functional team.
• Ability to handle sensitive and confidential information appropriately
• Proficient in MS Office Word Outlook PowerPoint and Excel.

• CRIBL Certified Stream/Edge Engineer
• Splunk Enterprise Certified Architect or Elastic Engineer
• AWS/Azure DevOps or SysOps Certification
• CISSP CISM or equivalent (preferred for federal environments)

• Medical Dental and Vision Insurance; Wellness Program
• Flexible Spending Accounts (Healthcare Dependent Care Commuter)
• Short-Term and Long-Term Disability options
• Basic Life and AD&D Insurance (Company Provided)
• Voluntary Life and AD&D options
• 401(k) Retirement Savings Plan with matching after one year
• Paid Time Off

• Professional office environment.
• Must be able to work on-site in Rosslyn VA.
• Must be physically and mentally able to perform duties extended periods of time.
• Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
• Must be able to establish a productive and professional workspace.
• Must be able to sit for long periods of time looking at computer screen.
• May be asked to work a flexible schedule which may include holidays.
• May be asked to travel for business or professional development purposes.
• May be asked to work hours outside of normal business hours.
• Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities duties or responsibilities that are required of the employee for this job. Duties responsibilities and activities may change at any time with or without notice.

• USD $150000.00 - USD $190000.00 /Yr.