Security Engineer (SPLUNK)
Company: Coalfire
Location: Remote (Remote)
Salary: $78,000 - $135,000 a year
Type: Full-time
Remote: Yes
Posted: 2026-04-01
About this role
About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
### What You’ll Do
- Maintain and support SIEM platforms (Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) in cloud environments (AWS, Azure, GCP) to support FedRAMP continuous monitoring and other compliance requirements
- Manage and maintain log collection infrastructure including forwarders, collectors, and ingestion pipelines across hybrid environments
- Support SIEM performance tuning, storage management, retention settings, and licensing optimization under established operational guidelines
- Implement and maintain log retention and audit configurations aligned with FedRAMP and other compliance framework requirements
- Develop, tune, and maintain detection rules, correlation searches, and alerting logic to identify security events
- Create and maintain custom parsers and field extractions for complex or proprietary log sources
- Reduce false positives through ongoing rule tuning, baseline analysis, and detection improvement efforts
- Participate in peer reviews of detection rules and SIEM configuration changes
- Monitor SIEM alerts and investigate security events to support incident response and threat hunting activities
- Contribute to development and maintenance of detection ...