Senior SIEM Engineer (ELK / Sentinel)

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

We’re looking for a Senior SIEM Engineer to play a central role in implementing and maintaining robust security monitoring solutions—ensuring our clients stay protected against emerging cyber threats and remain compliant with industry standards. If you’re driven by a desire to innovate and thrive in a collaborative environment, come be part of a team committed to making the world a safer place.

What You'll Do

• Collaborate with a high-performing engineering team to deliver specialized security and cloud solutions across private and public sector environments.
• Serve as a cloud Subject Matter Expert (SME) by leading design, architecture, and deployment engagements in AWS, Azure, or GCP, leveraging automated orchestration and configuration management.
• Partner with leading Cloud Service Providers (CSPs) and enterprise clients to meet stringent security requirements and drive digital transformation efforts.
• Implement, update, and maintain security tooling solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender) to ensure robust threat detection, AV protection, and compliance.
• Implement, maintain, and update SIEM solutions (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) to enhance visibility and proactively mitigate cyber threats.
• Develop client cloud and security strategies, including future-state architectures, roadmaps, and transformation plans.
• Conduct cloud configuration and maturity reviews to identify gaps, optimize performance, and strengthen security posture.
• Coordinate with clients and internal teams to establish the right balance of defense-in-depth techniques, translating security objectives into secure, scalable solutions.
• Leverage Infrastructure-as-Code to build and implement secure and compliant enterprise servers, network infrastructures, boundary protections, and cloud architectures.
• Work across diverse technology stacks in AWS, Azure, and GCP, utilizing native cloud services to enhance deployments and streamline operations.
• Provide guidance during security assessment and authorization processes, ensuring alignment with industry frameworks and compliance standards.
• Author and peer-review detailed design documentation, including security documentation and vendor best practices, to maintain consistently high-quality deliverables.

What You'll Bring

• 5+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
• 5+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
• Advanced proficiency with Infrastructure-as-Code (IaC) and orchestration/automation tools (e.g., Terraform, Ansible).
• Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
• Deep understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
• Experience working in Agile environments with technical teams of three or more individuals.
• Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
• Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
• Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
• Critical thinking skills to balance robust security requirements against mission objectives.
• Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments
• Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover.
• Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
• Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
• History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
• Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.

Bonus Points

• Professional services background: Prior experience supporting external clients from within a consulting or professional services organization.
• Advanced threat detection: Hands-on experience with techniques such as user and entity behavior analytics (UEBA) or machine learning-based anomaly detection.
• Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible.
• Modern application architectures: Proven expertise with serverless, microservices, and related technologies.
• Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines.
• Encryption technologies: Hands-on experience implementing SSL, PKI, and other encryption methods.
• Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards.
• Splunk Enterprise Certified Admin or SumoLogic Administration or Microsoft Security Operations Analyst Associate
• AWS Solutions Architect Professional or AWS DevOps Engineer Professional or Azure Solutions Architect Expert or GCP Cloud Architect
• Splunk Enterprise Certified Architect or Splunk Certified Automation Developer

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at [email protected].