WINTrio LLC is a leading provider of Cyber/DevSecOps, Cloud, Artificial Intelligence (AI)/Machine Learning (ML), and Agile Software Development solutions. As a Log Management and SIEM Data Engineer, you will support log ingestion, parsing, normalization, retention, routing, reporting, and long-term storage across Microsoft Sentinel and related federal security monitoring environments.
Responsibilities:
- Support onboarding of Microsoft and non-Microsoft log sources into Microsoft Sentinel
- Configure, validate, and troubleshoot log ingestion pipelines
- Support ingestion from AWS CloudTrail, VPC Flow Logs, Entra ID, Microsoft Defender for Endpoint (MDE), Microsoft Defender for Identity (MDI), firewalls, VPN, Proofpoint, GitHub, SQL Server, iBoss, Veeam, and third-party systems
- Monitor ingestion failures, forwarding interruptions, suppression, tampering, and pipeline health
- Support log normalization, schema mapping, transformation, and routing
- Support hot and cold storage log retrieval requirements
- Assist with QRadar legacy log transition analysis where authorized
- Document ingestion architecture, data flows, source mappings, field normalization, and retention settings
- Work with SOC analysts and detection engineers to ensure log sources support high-value detection use cases
Requirements:
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Data Engineering, or related field
- 5+ years of SIEM, log management, data pipeline, security data engineering, or cloud telemetry experience
- Hands-on experience with Microsoft Sentinel, Log Analytics, KQL, and SIEM data onboarding
- Experience with AWS logging, network device logs, firewall logs, identity logs, endpoint logs, and SaaS logs
- Understanding of log retention, audit readiness, evidence preservation, and security monitoring requirements
- Strong troubleshooting skills across network, cloud, endpoint, and identity telemetry
- Platforms and query tooling: Microsoft Sentinel, Azure Log Analytics, KQL, Azure Monitor, AWS CloudTrail, VPC Flow Logs
- Log sources and collection tools: WinCollect, Check Point, Cisco, iBoss, Proofpoint, GitHub, SQL Server, Veeam, Cribl, or similar
- Certifications preferred: SC-200, AZ-500, AWS Security Specialty, Security+, CySA+, GCIA