Principal SIEM Engineer


Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!

Who We Are

Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. 

Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.

Deepwatch recognition includes:

  • 2023, 2022 and 2021 Great Place to Work® Certified
  • 2023 and 2022 Forbes America’s Best Startup Employers
  • 2023 and 2022 Fortress Cybersecurity Award
  • 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners
  • 2022 Cigna Healthy Workforce Silver Designation
  • 2022 Cybersecurity Excellence Award for MDR

Principal SIEM Engineer 

As a Principal SIEM Engineer, your primary mission is to tackle intricate challenges that our customers encounter daily.  This role demands expert-level SIEM proficiency, with a primary focus on Splunk, as well as a strong background in Linux systems administration, exceptional organizational skills, and the ability to foster positive relationships.  Your core  responsibilities include the successful delivery of complex strategic projects, achieved through critical thinking, that balance long-term solutions with short-term wins, all while ensuring an exceptional customer experience. You will serve as an internal escalation point at Deepwatch, offering technical and thought leadership for others to follow.  Candidates must display aptitude and ability to manage a multitude of virtual resources in a fast paced environment. This position is virtual / remote - working from a home office unless traveling to a corporate office or client site. 

If you want to be a part of a dynamic team that will leverage your skills to innovate and maximize customer experience, enable you to maintain a strong work life balance, and assist you in reaching your career goals within the Information Security industry, look no further - this is a great opportunity for you. 

In this role, you’ll get to:

  • Configure, manage, and maintain Splunk deployments to include clustering and high availability scenarios in our customer AWS, GCP, Azure, and On-Premise environments
  • Architect, configure, manage, and maintain Linux systems 
  • Review infrastructure performance in AWS
  • Secure deployed Splunk Enterprise systems and solutions to industry best practices
  • Perform complex troubleshooting, upgrades, and configuration of Splunk including Splunk integrations and apps
  • Perform complex troubleshooting, configuration, upgrades, and administration of Linux Operating Systems
  • Partner with fellow deepwatch experts to drive continuous improvements and efficiency enhancements for our customers through the Deepwatch Security Platform.
  • Consult with customers, in all roles, including leadership, to effectively deliver security solutions, and architecture recommendations 
  • Be an escalation point and mentor for SIEM Operations and Engineering team; focusing on excellent customer service and triaging of issues strategically in a timely manner
  • Prioritize and deliver solutions to deliverables from a wide range of engagements including:  Platform Operations and Engineering Management, cases created, and escalations for technical issues
  • Be part of the on-call rotation for critical production support outages
  • Operate as primary point of contact for projects and long term initiatives 
  • Create and maintain documentation for customer environments, processes, and best practices; driving a culture of documentation on the team
  • Raise environmental and platform risks to management to avoid unnecessary Risk exposure
  • Travel, on occasion, to customer sites to assist in Executive Business Reviews (EBR)
  • Keep up-to-date with information security news, techniques, and trends

You’ll be successful in this role, if you:

  • Have SIEM Certifications (Splunk Certified Developer, Splunk Core Certified Consultant, or Enterprise Certified Architect preferred) and/or equivalent  demonstrable advanced experience with SIEM administration 
  • Have your Linux Foundation Certified System Engineer (LFCS) or Red Hat Certified Engineer (RHCE) certification equating to broad demonstrable Linux System Administration skills (e.g., CentOS, RedHat, Ubuntu, etc.) including experience with file permissions, certificates, manipulation & editing of files, system tuning, security permissions, troubleshooting, network connectivity, and automation. 
  • Demonstrate a working knowledge in at least four of the following areas: Enterprise network architecture/administration,  Enterprise Network Infrastructure Engineering or administration, Cloud architecture and engineering, Endpoint Engineering and Administration, Identity and Access Management, DevOps, Security Operations Center (SOC), or SIEM Architecture and EngineeringHave experience providing customer-facing operational support in cybersecurity or information technology operations
  • Have strong written and verbal communication skills in a technical environment
  • Demonstrate an excellent customer service mentality
  • Are a self-driven individual, who enjoys delivering value collaboratively
  • Have broad experience with cloud infrastructure administration (e.g., Splunk, AWS, Azure, GCP, etc.)
  • Proficient experience with Docker configuration and administration
  • Have proficient experience with configuration management/orchestration tools (e.g., Ansible or AWX, Puppet, Terraform, etc.)
  • Leverage your programming/scripting experience to help automate routine tasks (e.g., Python, Bash, Powershell, etc.)
  • Have experience with version control tools (e.g., git,perforce,etc…)
  • Can demonstrate best practices in case management
  • Have experience with ITIL Service Management and Agile Framework methodologies

ITAR Compliance

This position will have access to customer data and as such is subject to International Traffic in Arms Regulations (ITAR). Upon application, candidates will be asked to confirm that they are a U.S. Person as defined by the following:

  • A citizen of the U.S.;
  • A lawful permanent resident of the United States; 
  • A person admitted to the United States as a refugee; or
  • A person that has been granted asylum by the United States government.

The intent of this requirement is not to verify employment eligibility overall, but to ensure compliance with import/export regulations. If you do not meet these requirements, we encourage you to apply for other open roles at Deepwatch. This information will be verified upon offer of employment.

For applicants in NYC, CO, CA, RI, and WA, the salary range for this role is $160,000 to $240,000+ stock options + benefits. Actual compensation may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level.

What We Offer:

Deepwatch is excited to provide benefits designed to support team members and their families. Including:

  • Medical, dental, vision, and disability insurance
  • Flexible Time Off (FTO), 9 company holidays, sick leave and 8-Weeks Paid Parental Leave
  • Unique professional development benefits, starting at $3,000 annually
  • Wellness contests and monthly educational programs
  • 401(K) retirement program with employer match
  • Learn more here: Deepwatch Benefits

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.  Please review our DEI Statement here.

Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact for further information.

All Deepwatch employees are expected to:

  • Be interested in and able to work remotely from a home office when not at a corporate office
  • Pass a pre-employment background and drug screen in accordance with applicable laws

Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.  In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatch’s use of your personal information. 

Apply now Apply later
  • Share this job via
  • or
Job stats:  1  0  0

Tags: Agile Ansible Automation AWS Azure Bash C Cloud Compliance DevOps Docker GCP IAM ITIL Linux PowerShell Privacy Puppet Python Red Hat Scripting SIEM SOC Splunk Terraform Ubuntu

Perks/benefits: 401(k) matching Career development Equity / stock options Flex hours Flex vacation Health care Insurance Medical leave Parental leave Startup environment Wellness

Region: Remote/Anywhere

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.