
Engineer, Senior-CRIBL

Cayuse Technologies

Today
Top Secret
Rosslyn, VA (On-Site/Office)

Overview

The Engineer, Senior-CRIBL will serve as the technical lead for enterprise-scale data observability and telemetry management using the CRIBL Stream, Edge and other CRIBL product platforms. This role is responsible for engineering, optimizing, and maintaining high-performance data routing pipelines that support security, performance, and compliance monitoring across cloud and on-prem environments. The engineer ensures seamless data flow between logging agents (e.g., syslog, Splunk UF/HEC, Elastic Beats, Sentinel, Cribl Edge) and downstream analytics platforms, enforcing Zero Trust data principles and federal cybersecurity mandates.

This position performs all duties and responsibilities in accordance with the Mission, Vision, and Core Values of Cayuse.

Responsibilities

  • Design, deploy, and maintain CRIBL Stream, Edge and other CRIBL product instances in hybrid (on-prem and cloud) environments.
  • Implement data routing, filtering, and enrichment pipelines across multiple log sources and destinations.
  • Optimize data ingestion performance, retention, and forwarding efficiency to reduce license and storage costs.
  • Develop and maintain reusable pipelines and pack libraries for security and performance analytics.
  • Integrate CRIBL with enterprise SIEM, APM, and analytics tools (e.g., Splunk, Elastic, Datadog, Azure Monitor).
  • Configure ingestion and routing for high-value telemetry (network, endpoint, cloud, identity).
  • Engineer observability solutions supporting continuous monitoring and real-time metrics collection.
  • Design data normalization and transformation logic to meet analytic and compliance use cases.
  • Enforce least-privilege access to observability data, consistent with OMB M-22-09 and EO 14028.
  • Implement logging and monitoring controls in alignment with NIST SP 800-137, SP 800-53 Rev5 (AU, IR, SI families), and CISA Zero Trust Maturity Model.
  • Support audit readiness by maintaining system configurations, access logs, and change management documentation.
  • Collaborate with cybersecurity teams to ensure telemetry supports threat detection, incident response, and forensics.
  • Perform data reduction, deduplication, and compression tuning to optimize ingestion volumes.
  • Support Technology Business Management (TBM) reporting by identifying cost avoidance opportunities from CRIBL optimization and Business IT Service Modeling and Visualizations.
  • Create performance dashboards and key metrics (MTTD, MTTR, throughput, latency) to monitor platform health and other enterprise decision-making data insights as requested.
  • Automate pipeline deployment and updates using IaC tools (Terraform, Ansible, or CRIBL APIs).
  • Develop scripts for automated validation, log parsing, and error remediation.
  • Maintain version-controlled configurations (Git) and promote code reuse and continuous integration practices.
  • Maintain 99.9% operational uptime of CRIBL infrastructure.
  • Deliver monthly optimization reports showing measurable reduction in log ingestion costs as well as data models that support cost avoidance in IT Service areas.
  • Ensure all configurations and code are under version control and auditable.
  • Provide real-time visibility dashboards for data pipeline health, ingestion metrics, enterprise IT Service compliance and performance, and assessment compliance artifacts.
  • Meet all federal cybersecurity and audit readiness requirements within defined SLAs.
  • Other duties as assigned.


Qualifications

  • Minimum 8+ years in IT systems, cybersecurity, or observability engineering; 3+ years directly managing CRIBL Stream/Edge environments.
  • Strong knowledge of log formats (syslog, JSON, CEF, LEEF, Windows Event).
  • Familiarity with CI/CD, Git, REST APIs, and JSON/YAML scripting.
  • Working knowledge of Zero Trust telemetry and cross-domain logging architectures.
  • Understanding of NIST, FISMA, OMB A-130, and CISA cybersecurity directives.
  • Skilled in log normalization, enrichment, and cross-domain telemetry management.
  • Experienced with hybrid integrations (Splunk, Sentinel, Elastic, Datadog, AWS CloudWatch).
  • Experience with Terraform, Ansible, Git, Python, Bash, REST APIs, JSON/YAML.
  • Top Secret Clearance required.
  • Must be able to pass a background check. May require additional background checks as required by projects and/or clients at any time during employment.

Minimum Skills:
  • Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner.
  • Exceptional verbal and written communication skills.
  • Excellent organizational, analytical, and problem-solving skills with high-level attention to detail.
  • Proven ability to multitask and prioritize in a fast-paced environment with changing priorities; adaptable to change and a quick learner.
  • Must be self-motivated and able to work well independently as well as on a multi-functional team.
  • Ability to handle sensitive and confidential information appropriately.
  • Proficient in MS Office, Word, Outlook, PowerPoint, and Excel.

Desired Qualifications:
  • CRIBL Certified Stream/Edge Engineer
  • Splunk Enterprise Certified Architect or Elastic Engineer
  • AWS/Azure DevOps or SysOps Certification
  • CISSP, CISM, or equivalent (preferred for federal environments)

Our Commitment to you / overview of benefits
  • Medical, Dental and Vision Insurance; Wellness Program
  • Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
  • Short-Term and Long-Term Disability options
  • Basic Life and AD&D Insurance (Company Provided)
  • Voluntary Life and AD&D options
  • 401(k) Retirement Savings Plan with matching after one year
  • Paid Time Off

Reports to: Client Account Director

Working Conditions
  • Professional office environment.
  • Must be able to work on-site in Rosslyn, VA.
  • Must be physically and mentally able to perform duties for extended periods of time.
  • Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position.
  • Must be able to establish a productive and professional workspace.
  • Must be able to sit for long periods of time looking at a computer screen.
  • May be asked to work a flexible schedule which may include holidays.
  • May be asked to travel for business or professional development purposes.
  • May be asked to work hours outside of normal business hours.

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Cayuse is an Equal Opportunity Employer. All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.

Pay Range

USD $150,000.00 - USD $190,000.00 /Yr.
About Us
Cayuse Holdings, through its subsidiaries, employs over 600 amazing people who are based all around the United States, with a few locations overseas. Cayuse is owned by the Umatilla Indian Reservation, with a US-based delivery center in Pendleton, Oregon. Founded initially in 2006 through a joint venture with Accenture, this company has significantly expanded its operations and contracts to include delivery in many locations beyond Oregon. Our company vision is to Grow the Company and Grow the People, enabling career development, economic growth and development for both our company and that of our tribal owners. We provide competitive benefits, including remote work for many of our positions, and excellent wellness and 401K matching programs.
